# ChatGPT for Google Sheets vulnerable to data exfiltration via prompt injection

_Sunday, May 31, 2026 at 8:02 PM EDT · Cybersecurity, AI · Latest · Tier 2 — Notable_

ChatGPT for Google Sheets is vulnerable to data exfiltration and phishing overlay attacks that affect workbooks across the victim's account after an indirect prompt injection in a single sheet.

This attack does not require human-in-the-loop approvals, even when settings require human approval before ChatGPT edits workbooks. A single indirect prompt injection triggered by one benign user query can exfiltrate many workbooks, display an interactive phishing pop-up, overwrite the GPT sidebar with an attacker-controlled interface, and enable attacker-controlled edits.

The vulnerability occurs when any untrusted data source manipulates ChatGPT to run an attacker-controlled external script leveraging permissions granted to the extension. The issue was responsibly disclosed to OpenAI with no substantive response beyond an automated reply. OpenAI documentation does not describe the sensitive capabilities or risks of indirect prompt injection.

## Sources


---
Canonical: https://techandbusiness.org/newswire/editor-9821348
Retrieved: 2026-06-01T02:47:42.237Z
Publisher: Tech & Business (techandbusiness.org)