A security researcher at PromptArmor has disclosed a vulnerability in the widely used ChatGPT for Google Sheets plugin that could allow malicious actors to exfiltrate sensitive data and conduct phishing campaigns. The flaw relies on prompt injection, where crafted inputs trick the AI into executing unintended actions.
The vulnerability targets users who rely on the plugin to automate spreadsheet tasks, exposing them to risks when processing untrusted data. According to PromptArmor's findings, an attacker can embed hidden instructions within spreadsheet cells that, when processed by the AI, trigger requests to external servers controlled by the attacker.
Technical details reveal that the attack can exfiltrate entire spreadsheets by encoding data into URLs sent to attacker-controlled domains. The researcher demonstrated that a single malicious cell could compromise an entire document's contents without alerting the user.
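A defensive check for the pattern described above, given as an added example that is not code from PromptArmor, Google or the plugin developer: before model output is written back to a cell, it flags any URL pointing at a host outside an allowlist and reports which sheet values appear in that URL's path or query, either in plain form or base64-encoded. The allowlist, the length threshold, the function names and all sample values are assumptions constructed for illustration.

```javascript
// Added example (not the plugin's code): inspect model output before it is
// written to a cell. ALLOWED_HOSTS and MIN_LEN are assumptions to tune.
const ALLOWED_HOSTS = new Set(["docs.google.com"]);
const MIN_LEN = 6; // ignore very short cell values to limit false positives
const URL_RE = /https?:\/\/[^\s"'<>)]+/g;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (_) { return s; }
}

// A URL component plus its base64/base64url decoding, when it looks like one.
function candidates(part) {
  const out = [part];
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  if (/^[A-Za-z0-9+/]{8,}={0,2}$/.test(b64)) {
    out.push(Buffer.from(b64, "base64").toString("utf8"));
  }
  return out.map((s) => s.toLowerCase());
}

// Returns one finding per URL that points at a host outside the allowlist,
// listing which sheet values (if any) are carried in its path or query.
function findExfilUrls(modelOutput, sheetValues) {
  const needles = sheetValues.map(String).filter((v) => v.length >= MIN_LEN);
  const findings = [];
  for (const raw of modelOutput.match(URL_RE) || []) {
    let u;
    try { u = new URL(raw); } catch (_) { continue; }
    if (ALLOWED_HOSTS.has(u.hostname)) continue;
    const parts = u.pathname.split("/").filter(Boolean).map(safeDecode);
    for (const [k, v] of u.searchParams) parts.push(k, v);
    const haystack = parts.flatMap(candidates);
    const leaked = needles.filter((n) =>
      haystack.some((h) => h.includes(n.toLowerCase())));
    findings.push({ host: u.hostname, leaked });
  }
  return findings;
}

// Constructed sample data: sheet values and three model outputs.
const SHEET = ["alice@example.com", "Q3 revenue 4.2M", "ok"];
const B64 = Buffer.from("Q3 revenue 4.2M").toString("base64url");
const SAMPLES = {
  plain: "See https://collector.example/log?d=alice%40example.com for details",
  encoded: `Report: https://collector.example/p/${B64}`,
  benign: "Summary stored at https://docs.google.com/spreadsheets/d/abc",
};
```

A finding with an empty `leaked` list still marks an unexpected external host; a non-empty list means sheet contents are present in the outbound URL and the output should be blocked rather than rendered.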
PromptArmor has notified Google and the plugin developer, but a fix has not yet been released. Users are advised to avoid processing untrusted data with the plugin until a patch is deployed.
The vulnerability underscores a broader pattern: as AI plugins gain adoption, the attack surface for prompt injection expands. Researchers have long warned that such integrations could become prime targets for data theft.