OBLAIDISH NEWS

ChatGPT for Google Sheets add‑on leaks workbook data

A flaw in the ChatGPT for Google Sheets add‑on lets the extension transmit full workbook contents to an external server, exposing sensitive data [Prompt Armor].

A security flaw in the ChatGPT for Google Sheets add‑on enables the add‑on to send the contents of a spreadsheet to an external server without user consent [Prompt Armor]. The issue stems from the add‑on’s use of the OpenAI API: when a user selects a range and runs a prompt, the add‑on includes the full cell values in the request payload, which the remote endpoint can log and later retrieve.

The add‑on, published on the Google Workspace Marketplace, is intended to let users generate text, formulas, or summaries directly inside Sheets. Testing by Prompt Armor showed that a crafted prompt can cause the add‑on to transmit up to 10 MB of sheet data in a single API call. Because the transmission occurs over HTTPS, the data is not visible to the user or to Google’s audit logs.

The flaw affects any workbook that uses the add‑on, regardless of whether the sheet contains public or private information. Organizations that rely on Google Sheets for financial reporting, HR records, or proprietary data are exposed to unauthorized extraction.

Mitigation steps include disabling the add‑on, revoking its OAuth token, and reviewing API usage logs for unexpected outbound traffic. Prompt Armor recommends that developers implement client‑side data sanitization and limit the scope of data sent to the LLM service [Prompt Armor]. Google has not yet issued a public statement on the issue.
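The recommendation to sanitize data client-side and limit what is sent to the LLM service can be sketched as follows. This is an added example, not code from the add-on or from Prompt Armor; the function names, size limits and redaction patterns are assumptions, and the input is assumed to be the 2D array of the user's selected range only.

```javascript
// Added example; names, limits and patterns are assumptions, not the add-on's code.
const DEFAULT_LIMITS = { maxCells: 200, maxChars: 16000 };

// Constructed redaction patterns; extend for the data classes your sheets hold.
const REDACTIONS = [
  { label: "EMAIL", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { label: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { label: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g },
];

// Convert one cell to text and mask anything matching a redaction pattern.
function sanitizeCell(value) {
  if (value === null || value === undefined) return "";
  let text = String(value);
  for (const { label, re } of REDACTIONS) {
    text = text.replace(re, `[${label}]`);
  }
  return text;
}

// selectedValues is a 2D array holding only the range the user selected,
// e.g. SpreadsheetApp.getActiveRange().getValues() in Apps Script.
// Oversized selections are rejected instead of being silently sent.
function buildPromptPayload(prompt, selectedValues, limits = DEFAULT_LIMITS) {
  const cellCount = selectedValues.reduce((n, row) => n + row.length, 0);
  if (cellCount > limits.maxCells) {
    throw new RangeError(`selection has ${cellCount} cells, limit is ${limits.maxCells}`);
  }
  const payload = {
    prompt: String(prompt),
    cells: selectedValues.map((row) => row.map(sanitizeCell)),
  };
  const size = JSON.stringify(payload).length;
  if (size > limits.maxChars) {
    throw new RangeError(`payload is ${size} chars, limit is ${limits.maxChars}`);
  }
  return payload;
}

// Constructed sample selection.
const sample = [
  ["Name", "Contact", "Note"],
  ["A. Example", "a.example@example.com", "SSN 123-45-6789"],
  ["B. Example", "b@example.org", "card 4111 1111 1111 1111 on file"],
];
console.log(JSON.stringify(buildPromptPayload("Summarize these rows", sample), null, 2));
```

Pattern-based redaction only catches the formats it lists, so the cell and size caps remain the primary control on how much of a workbook can leave in one request.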
