Comment by daheza

Right, as in, does not accept an email as a parameter. If its anything like my company they are turning out "agents" super fast and just hooking them up to internal APIs usually via a light MCP wrapper. Since MCP doesn't have any security or auth built in, and internal APIs usually are light on security you have issues like this.