> (...) and the only communication channel would be towards me (enforced with things like API key permissions).

> This should prevent any kind of leaks due to prompt injection, right ?

It might be harder than you think. Any conditional fetch of an URL or DNS query could reveal some information.

I wrote this exact tool over the last weekend using calendar, imap, monarchmoney, and reminders api but I can’t share because my company doesn’t like its employees sharing their personal work even.