TL;DR: Microsoft 365 Copilot allowed data exfiltration via mermaid diagrams through an indirect prompt injection, fetching sensitive information (e.g., emails) and encoding it in a clickable “login button.” Clicking the button sent the data to an attacker's server. The vulnerability was confirmed and subsequently patched by Microsoft.
Microsoft 365 Copilot – Arbitrary Data Exfiltration via Mermaid Diagrams

