[kyle-rb]

I guess what's unusual is that the scope includes inbox access.

IMO it's probably a bad idea to have an LLM/agent managing your email inbox. Even if it's readonly and the LLM behaves perfectly, supply chain attacks have an especially large blast radius (even more so if it's your work email).

[TeMPOraL]

It's a bit of a pickle, given that managing your inbox (or at least reading it, classifying and summarizing contents, identifying action items etc.) is one of the most valuable applications of LLMs today, especially if you move beyond software developers having LLMs write code for them.

[kyle-rb]

I do think it's a tempting use case, but there are precautions that up I would take if I was doing this sort of thing. Off the top of my head:

- Set up a separate inbox just for the agent, with a forwarding rule that passes on most things that land in my Gmail, but omits as many verification token/password reset emails as possible.

- Have the agent alert me when any sensitive emails do make it through, with suggestions on how to update the forwarding rule.