on the prompt injection via email problem — model choice helps but it's not the right layer to defend. you want to scan at ingestion, before the content ever hits context.

we built LobsterMail (lobstermail.ai) specifically for this. we're an email security team behind (palisade.email) and have been really obsessed with this problem for the last 6 months.

every inbound email gets scanned for 6 injection categories (boundary manipulation, role hijacking, data exfiltration attempts, obfuscated payloads, etc.) before it reaches the agent. the SDK exposes `email.isInjectionRisk` and `safeBodyForLLM()` which wraps untrusted content in boundary markers with a metadata header. the agent can make an informed decision rather than blindly consuming whatever lands in its inbox.

it's also agent-native — the agent self-provisions its own `@lobstermail.ai` address, no oauth app needed, no borrowing the user's gmail. big respect for agentmail too but give a shot to lobstermail if youre interested!