[HN]score: 0.43
ChatGPT Google Sheets Extension Leaks Workbooks via Prompt Injection
May 31, 2026
OpenAI's ChatGPT Google Sheets extension (185,000+ downloads in under a month) is vulnerable to indirect prompt injection that bypasses explicit human-approval settings, enabling simultaneous workbook exfiltration, phishing overlays, attacker-controlled chatbot UI replacement, and unauthorized edits across the victim's entire account from a single malicious sheet.
HOW THIS AFFECTS YOU
●
builderAvoid deploying or recommending this extension in enterprise or sensitive data contexts until a patch is confirmed — human-approval guardrails are bypassable.
●
founderWorth watching because any product built on top of AI extensions with broad account-level permissions faces this class of attack — audit your own tool's permission scope now.
●
policyThis is a concrete example of agentic AI tools ignoring explicit user-configured safety controls, relevant to ongoing debates about AI system trust boundaries.