Authorisation is a way to do that, too.
reply
Yes, but you often do not have much control over that.

For example, try giving a local LLM read access to specific folders in your email account.

reply
Easy. Write a cron script (that runs as root) that populates a maildir that the agent (restricted user) has access to. Then you restrict network access to the internet, and have it send you its findings by mail (local mail server).
reply
Theoretically you should be creating a "read email" CLI tool and letting agents interact with it in a chroot sandbox.

LLMs are much more proficient with bash and --help than they are with bespoke API protocols.

Treat LLMs like you would a junior programmer - keep things as generic and obvious as you can.

reply
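A sketch of the "read email" CLI discussed in the comments above, added here as an illustration and not posted by any commenter: it gives an agent read-only access to allowlisted folders of a Maildir that a separate privileged job fills. The path `/var/spool/agent-mail`, the folder names and the command name `readmail` are assumptions; filesystem permissions, the chroot and the network restriction are enforced by the OS, not by this script.

```python
"""readmail: read-only view of a Maildir tree, limited to allowlisted folders."""
import argparse
import mailbox
import os

MAIL_ROOT = "/var/spool/agent-mail"      # assumed path, filled by the root-owned sync job
ALLOWED_FOLDERS = {"INBOX", "Invoices"}  # hypothetical folder names


def open_folder(root, folder):
    # Exact-name allowlist (rejects "../", absolute paths, unknown folders).
    if folder not in ALLOWED_FOLDERS:
        raise PermissionError(f"folder not allowed: {folder!r}")
    # create=False: never create directories on the agent's behalf.
    return mailbox.Maildir(os.path.join(root, folder), create=False)


def list_messages(root, folder):
    box = open_folder(root, folder)
    return [(key, str(msg.get("From", "")), str(msg.get("Subject", "")))
            for key, msg in sorted(box.items(), key=lambda kv: kv[0])]


def read_message(root, folder, key):
    msg = open_folder(root, folder)[key]  # KeyError if the key is not in this folder
    # Expose only the first text/plain part; HTML and attachments are never returned.
    part = next((p for p in msg.walk() if p.get_content_type() == "text/plain"), None)
    if part is None:
        return ""
    payload = part.get_payload(decode=True) or b""
    return payload.decode(part.get_content_charset() or "utf-8", errors="replace")


def main(argv=None):
    ap = argparse.ArgumentParser(prog="readmail", description=__doc__)
    ap.add_argument("cmd", choices=["list", "read"])
    ap.add_argument("folder")
    ap.add_argument("key", nargs="?", help="message key (required for read)")
    args = ap.parse_args(argv)
    if args.cmd == "list":
        for row in list_messages(MAIL_ROOT, args.folder):
            print("\t".join(row))
    else:
        print(read_message(MAIL_ROOT, args.folder, args.key))


if __name__ == "__main__":
    main()
```

The allowlist is defence in depth: the primary control is that the sync job only copies the chosen folders into a directory the restricted user can read but not write.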