With their latest functions update to the API it seems the logic is simply passing methods to call the API via JSON to a trained model and it predicts which function is best to call for the info, then OpenAI does the call for ChatGPT, then feeds the resulting Json back to ChatGPT which uses it to give an answer.
I wrote about some of these problem in the past e.g. see: https://embracethered.com/blog/posts/2023/chatgpt-plugin-vul... on how an attacker might steal your code.
Some other related posts about ChatGPT plugin vulnerabilities and exploits:
https://embracethered.com/blog/posts/2023/chatgpt-cross-plug...
https://embracethered.com/blog/posts/2023/chatgpt-webpilot-d...
Its not very transparent when and why a certain plugin gets invoked and what data is sent to it. One can only inspect afterwards basically.