OpenAI Removes the "Chat with Code" Plugin From Store
mediumnewsLLM-Specific
security
Source: Embrace The RedJuly 6, 2023
Summary
OpenAI removed the 'Chat with Code' plugin from its store after security researchers discovered it was vulnerable to CSRF (cross-site request forgery, where an attacker tricks a system into making unwanted actions on behalf of a user). The vulnerability allowed ChatGPT to accidentally create GitHub issues without user permission when certain plugins were enabled together.
Classification
Attack Type
Prompt Injection
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
OpenAI
Related Issues
Monthly digest — independent AI security research
Original source: https://embracethered.com/blog/posts/2023/chatgpt-chat-with-code-plugin-take-down/
First tracked: February 12, 2026 at 02:20 PM
Classified by LLM (prompt v3) · confidence: 85%