Interesting approach — how are you thinking about security boundaries when aggregating context from multiple sources? Pulling in emails, docs, and chat history into one context window seems to create new injection vectors: a malicious email could embed instructions that influence behavior across the entire session. I've been working on input sanitization for exactly this kind of cross-tool boundary (PromptShield at Aeris). Curious if you've encountered adversarial inputs in testing?