Microsoft Copilot Cowork Exfiltrates Files
Summary
Microsoft Copilot Cowork is vulnerable to file exfiltration via indirect prompt injection. The root cause is insecure automatic action approvals for emails and Teams messages. The article details the attack chain, demonstrates model-agnostic exploitation, and discusses mitigations such as restricting download policies in SharePoint and heightened caution with untrusted skills and scheduled tasks.