Could this be abused as a prompt injection data exfiltration mechanism? Someone might trick the assistant into sending them a calendar invite where the description of the event includes private data pulled from other assistant-available sources

→ View original post on X — @simonw,