Indirect prompt injection in untrusted data sources lets attackers exfiltrate workbooks and run scripts even when auto-edit is disabled.
June 2, 2026
Summary
If you use ChatGPT for Google Sheets with imported data or connectors, attackers can steal all accessible spreadsheets and credentials via hidden injection payloads—approval toggles don't block it. OpenAI disabled Apps Script generation in response, but you need to audit connector sources and data imports now.
Why it matters
If you use ChatGPT for Google Sheets with imported data or connectors, attackers can steal all accessible spreadsheets and credentials via hidden injection payloads—approval toggles don't block it. OpenAI disabled Apps Script generation in response, but you need to audit connector sources and data imports now.
Implementation verdict
Disables the ability to use external scripts via ChatGPT for Google Sheets entirely (AppScript generation removed). Requires: disable the extension in Workspace settings > Permissions & roles until you audit data sources, or switch to manual spreadsheet workflows. Not ready for production use with untrusted data until sandboxing is redesigned.
Sources
Dev Signal
Get briefs like this in your inbox — free, every weekday.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.