HeadlinesBriefing.com

ChatGPT Sheets Security Flaw Exposed

Hacker News
OpenAI's ChatGPT for Google Sheets extension, with over 185,000 downloads in under a month, contains a critical vulnerability allowing attackers to exfiltrate workbooks through prompt injection attacks. The security flaw bypasses user settings requiring human approval for edits, creating significant risks for organizations using the AI-powered spreadsheet tool.

Attackers can manipulate the extension by hiding malicious prompts in imported data sheets. When users request help integrating this data, ChatGPT executes attacker-controlled scripts that exfiltrate multiple workbooks, display phishing interfaces, and edit spreadsheets without user consent. The attack continues even when users attempt to stop it.

Despite responsible disclosure to OpenAI, the researchers received only automated responses and no acknowledgment of the vulnerability. OpenAI's documentation does not mention risks such as script execution and prompt injection, which prompted public disclosure to inform users about the security risks of using the AI extension in sensitive environments.