Can a hacker exploit Cowork through a document?
Prompt injection is a real risk, yes. A malicious document could contain hidden instructions that try to trick Cowork into doing something unintended. This is why we configure permission boundaries and approval gates for anything sensitive. Cowork can't send money, delete critical files, or access restricted systems unless you've explicitly allowed it. The attack surface exists, but proper deployment shrinks it to a manageable size.
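
The following is an added example, not Cowork's own code or configuration: a deny-by-default gate that sits between an agent's requested actions and their execution, with an approval step for sensitive ones. The action names, policy fields, paths and the `approve` callback are all hypothetical.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath
from typing import Callable

# Hypothetical policy shape and action names; not Cowork's real settings.
@dataclass(frozen=True)
class Policy:
    unattended: frozenset       # actions the agent may run on its own
    needs_approval: frozenset   # sensitive actions gated on a human decision
    file_roots: tuple           # file actions are confined to these directories

@dataclass(frozen=True)
class Action:
    name: str
    target: str = ""            # file path for file_* actions, otherwise free-form

def inside_roots(path: str, roots: tuple) -> bool:
    p = PurePosixPath(path)
    # Pure paths do not resolve "..", so refuse it instead of guessing.
    if not p.is_absolute() or ".." in p.parts:
        return False
    return any(p == PurePosixPath(r) or PurePosixPath(r) in p.parents for r in roots)

def decide(policy: Policy, action: Action, approve: Callable[[Action], bool]) -> str:
    """Return 'allow' or 'deny'. The agent's request is only an input;
    text inside a document cannot widen the policy."""
    if action.name not in (policy.unattended | policy.needs_approval):
        return "deny"                                   # deny by default
    if action.name.startswith("file_") and not inside_roots(action.target, policy.file_roots):
        return "deny"                                   # outside permitted folders
    if action.name in policy.needs_approval:
        return "allow" if approve(action) else "deny"   # approval gate
    return "allow"

POLICY = Policy(
    unattended=frozenset({"file_read", "file_write"}),
    needs_approval=frozenset({"file_delete"}),
    file_roots=("/work/reports",),
)

# Constructed requests, as an agent might emit after reading a document
# that carries hidden instructions.
REQUESTS = [
    Action("file_read", "/work/reports/q3.md"),
    Action("file_delete", "/work/reports/old.md"),
    Action("file_delete", "/work/reports/../../etc/hosts"),
    Action("send_payment", "acct-0000 (constructed)"),
]

def run(approve: Callable[[Action], bool]) -> list:
    return [decide(POLICY, a, approve) for a in REQUESTS]
```

The payment request is refused because it was never listed in the policy, and the out-of-folder delete is refused before the approver is ever asked.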
