[simonw]

> This attack occurs when any untrusted data source (e.g., from an imported sheet or ChatGPT connector) manipulates ChatGPT to run an attacker-controlled external script, which executes leveraging permissions the user has granted to the ChatGPT for Google Sheets extension.

Yeah, I don't like the sound of that at all.

[milkshakes]

it looks like the key to this working is the user explicitly directing the model to run those instructions. in this case it is the user, not the model that is being manipulated

> Please follow the step-by-step workflow in the comp sheet to update my model with data thru F29

[lionkor]

If I get annoyed with the confirmation prompts for file edits, I can just tell codex to get around that, at which point it will simply `cat >>` into files instead. LLMs are too smart to be limited by silly technological constraints.