Experts disclosed a Reprompt attack that allowed single-click data exfiltration from Microsoft Copilot via indirect prompt injection, now fixed by MS.