Prompt Injection in AI Browsers

A researcher report describes “CometJacking,” a prompt‑injection technique that embeds malicious instructions in AI browser URL parameters (the ‘collection’ parameter) to coerce connected-agent features into accessing and exfiltrating sensitive data from linked services (e.g., Gmail and Google Calendar). In tests, the Comet agent followed instructions to encode and send data to an external endpoint, demonstrating a practical method to bypass checks and extract user data without credentials or interaction.