ChatGPT for Google Sheets had a workbook leak risk
PromptArmor reported a security problem in ChatGPT for Google Sheets. A hidden prompt injection inside an outside sheet could make ChatGPT send spreadsheet data to an attacker after one normal user question. OpenAI said it reduced the risk by removing the tool’s ability to generate Apps Script code.
Key points
- The attack could start from an imported sheet or other untrusted data connected to the workbook.
- It could still run even when automatic edits were turned off.
- Solo makers should be careful before connecting AI tools to private business sheets, financial models, or client data.
- OpenAI said removing Apps Script generation should stop this specific risk.
Quick term guide
- prompt
- Text instructions you give to an AI tool.
- port
- A specific virtual door on your computer used by apps to send and receive information.
- prompt injection
- A trick where hidden instructions in text make an AI do something the user did not ask for.
- Apps Script
- A Google tool used to automate actions inside products like Google Sheets.
- script
- A small program that automates repeated steps.
- AI tools
- Software that can help create text, code, images, or other work.
- business
- An activity where you provide value to others in exchange for money.
- models
- Different AI engines that can power answers or code suggestions inside a tool.