Sources
PromptArmor Discloses Microsoft Copilot Cowork File Exfiltration — 5-Line Prompt Injection Bypasses All Approval Gates
PromptArmor published a disclosure showing that a 5-line prompt injection embedded in a Copilot Cowork skill file can exfiltrate OneDrive/SharePoint files via pre-authenticated download links, with a 100% success rate in testing. The attack exploits the fact that emails and Teams messages to the active user skip human approval, enabling silent data exfiltration through embedded image requests. Confirmed exploitable against Claude Opus 4.7 and Sonnet 4.6; Microsoft has not yet issued a patch.
↳ Follow the thread