The ChatGPhish technique disclosed by Permiso Security exploits ChatGPT's rendering of Markdown from third-party summaries to embed live phishing links, auto-fetch images that leak user metadata, and even spoof system alerts or QR codes. This goes beyond conventional prompt injection by weaponizing the implicit trust users place in the AI interface itself, turning routine research tasks into silent delivery mechanisms for social engineering. While the original Hacker News coverage focuses on the technical mechanics, it underplays the broader pattern emerging across agentic AI systems, including Adversa AI's recent SymJack and TrustFall attacks on coding agents that achieve remote code execution via malicious repositories and MCP server hijacking. These incidents reveal a systemic failure in sandboxing external content within trusted AI contexts, echoing earlier cross-prompt injection findings in Microsoft Copilot from March 2025. Organizations accelerating AI adoption for productivity risk expanding their attack surface from email gateways to browser-based summarization, bypassing traditional filters. The missed element in initial reporting is the geopolitical angle: state actors could leverage such vectors for targeted intelligence collection on corporate research habits, amplifying supply-chain risks in an era of hybrid threats.