ChatGPT for Google Sheets was found to be vulnerable to data exfiltration and phishing overlay attacks that could compromise workbooks across a user’s account, according to promptarmor.com. The flaw allowed attackers to execute indirect prompt injections in a single sheet without requiring human approval, even when such approval was explicitly enabled in settings.
The vulnerability stemmed from the model’s ability to generate Apps Script code, which attackers exploited to access and extract data from multiple workbooks. OpenAI responded by disabling the model’s capability to generate Apps Script code within ChatGPT for Google Sheets. The company also stated it is reassessing its sandboxing methods and how the feature interacts with Google Sheets APIs to prevent similar prompt injection attacks in the future.
This issue highlights the risks associated with integrating AI models directly into productivity tools, where automated code generation can be manipulated to bypass security controls. OpenAI’s swift action to remove the risky functionality and conduct a broader review underscores the importance of securing AI-powered extensions, especially as enterprises increasingly rely on them for workflow automation.
OpenAI plans to continue evaluating the security of ChatGPT’s integration with Google Sheets and other platforms to ensure consistent defenses. Users should expect updates on improved sandboxing and API interaction safeguards as the company works to strengthen protections against prompt injection and related exploits.
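A pre-execution check for the Apps Script generation path described above, as an added example (not OpenAI's or PromptArmor's code): generated script runs unprompted only when it stays inside the active workbook, and anything that reaches other workbooks, the network or dialog UI is routed to human approval. The allowlist, the rules, the function name `auditGeneratedScript` and the sample scripts are assumptions constructed for illustration.

```javascript
// Added example: fail-closed gate for model-generated Apps Script.
// The policy is an assumption. It is a regex pre-filter, not a parser: strings
// and comments are scanned too, so a false positive costs one approval prompt.

// Globals a generated script may use without approval.
const SAFE_GLOBALS = new Set(["SpreadsheetApp", "Math", "JSON", "Date", "Number", "String", "Array", "Object"]);
// SpreadsheetApp methods bound to the workbook the user already has open.
const ACTIVE_ONLY = "getActiveSpreadsheet|getActiveSheet|getActiveRange|flush";

const RULES = [
  // Constructs that hide which APIs the script will reach.
  [/\b(eval|Function|constructor|globalThis)\b|\bthis\s*\[|`/, "opaque construct"],
  // Aliased, computed or non-active use of SpreadsheetApp (openById, getUi, ...).
  [new RegExp("\\bSpreadsheetApp\\b(?!\\s*\\.\\s*(?:" + ACTIVE_ONLY + ")\\s*\\()"),
   "SpreadsheetApp beyond the active workbook"],
];

function auditGeneratedScript(source) {
  const findings = new Set();
  for (const [re, label] of RULES) {
    if (re.test(source)) findings.add(label);
  }
  // Any capitalised namespace (X. or X[) or *App / *Service name must be allowlisted;
  // this catches UrlFetchApp, DriveApp, MailApp, HtmlService and aliases of them.
  const names = source.matchAll(/\b([A-Z]\w*)(?=\s*[.\[])|\b(\w+(?:App|Service))\b/g);
  for (const m of names) {
    const name = m[1] || m[2];
    if (!SAFE_GLOBALS.has(name)) findings.add("global not on allowlist: " + name);
  }
  const list = [...findings].sort();
  return { decision: list.length ? "require_approval" : "run", findings: list };
}

// Constructed samples standing in for model output.
const SAMPLES = {
  activeOnly: 'const s = SpreadsheetApp.getActiveSheet(); s.getRange("B1").setValue(Math.max(1, 2));',
  otherWorkbook: 'const o = SpreadsheetApp.openById("CONSTRUCTED_ID");',
  network: 'const f = UrlFetchApp; f.fetch("https://example.invalid/");',
  overlay: 'SpreadsheetApp.getUi().showModalDialog(HtmlService.createHtmlOutput("x"), "t");',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditGeneratedScript(src)));
}
```

The gate only decides whether a prompt is shown; it does not replace sandboxing, and a production version would work on a parsed syntax tree rather than regular expressions.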