diff --git a/.pr_agent_accepted_suggestions.md b/.pr_agent_accepted_suggestions.md index 1322b09..1f68b32 100644 --- a/.pr_agent_accepted_suggestions.md +++ b/.pr_agent_accepted_suggestions.md @@ -1,3 +1,162 @@ +
                     PR 382 (2026-01-18)                     + +
+ + + +
[high-level] Sending full email content externally poses a major privacy risk + +___ + +✅ Sending full email content externally poses a major privacy risk + + + + + +**The code sends the full body of multiple emails to an external AI, creating a significant privacy and security risk. This should be addressed with data sanitization, summarization, or user consent before being merged.** + + +### Examples: + + + + + +testloader.js [1395-1428] + + + + +```javascript + results.forEach(function (m, i) { + var body = String(m.getBody() || ""); + var preview = body.replace(/\r/g, "").replace(/\n+/g, " ").substr(0, previewLen); + + var text = "#" + String(i) + + " | From: " + String(m.getSenderEmailAddress()) + + " | To: " + String(m.mail.To || "") + + " | Subject: " + String(m.getSubject()) + + " | Received: " + String(m.getReceivedTime()); + + + ... (clipped 24 lines) +``` + + + + + +### Solution Walkthrough: + + + +#### Before: +```javascript +function outlook_open_outlook_with_chatgpt() { + var prompt_texts = []; + var results = outlook.searchBySenderOrRecipientContains(keyword); + + results.forEach(function (m, i) { + var body = String(m.getBody() || ""); // Get full email body + + // Add email metadata to prompt + prompt_texts.push(...); + + // Add FULL, raw email body to prompt + prompt_texts.push(" Body: " + body); + }, 10); + + var prompt_text_completed = prompt_texts.join("\r\n"); + + // Send the entire collected text, including full email bodies, to OpenAI + var response_text = LIE.create().setProvider("openai").inference(prompt_text_completed, 0).join(' '); +} + +``` + + + +#### After: +```javascript +function outlook_open_outlook_with_chatgpt() { + var prompt_texts = []; + var results = outlook.searchBySenderOrRecipientContains(keyword); + + results.forEach(function (m, i) { + var body = String(m.getBody() || ""); + + // Example: Sanitize or summarize the body before adding it to the prompt + var processed_body = sanitizeAndSummarize(body); + + // Example: 
Obtain user consent before processing sensitive data + if (!confirm("Allow sending content of email '" + m.getSubject() + "' to AI?")) { + return; // Skip if user denies + } + + prompt_texts.push(" Body: " + processed_body); + }, 10); + + var prompt_text_completed = prompt_texts.join("\r\n"); + var response_text = LIE.create().setProvider("openai").inference(prompt_text_completed, 0).join(' '); +} + +``` + + + + +Suggestion importance[1-10]: 10 + +__ + +Why: The suggestion correctly identifies a critical privacy and security vulnerability where full, unsanitized email bodies are sent to an external AI service, which is a major design flaw with severe implications. + +___ + +
+ + + +
[general] truncate full body input + +___ + +✅ truncate full body input + + + + + +**Truncate the full email body to a maximum length before adding it to prompt_texts to avoid exceeding the AI model's context window.** + +[testloader.js [1411]](https://github.com/gnh1201/welsonjs/pull/382/files#diff-a0a90600928bcca35f3491bcc014ca7e144f2a31ab9f38f86086e13a4305e546R1411-R1411) + +```diff +-prompt_texts.push(" Body: " + body); ++var maxBodyLen = 1000; ++prompt_texts.push(" Body: " + body.substr(0, maxBodyLen)); +``` + + + + + + +Suggestion importance[1-10]: 6 + +__ + +Why: The suggestion addresses a potential issue where sending a very long email body could exceed the AI model's context window, causing an error. + +___ + +
+ +___ + + +
                     PR 378 (2025-12-22)                    
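Review bot: In the first hunk the recorded "After" fix for the high-level suggestion calls `sanitizeAndSummarize(body)`, but that helper is defined nowhere in this diff, so the log marks as accepted (✅) a mitigation that does not yet exist in the code base; the entry should either reference where the helper was added or be marked as still open. Two further points in the same hunk: the accepted "truncate full body input" suggestion rewrites the same line (testloader.js 1411) as the sanitization suggestion but truncates the raw `body`, so if that smaller patch is the one actually applied the privacy fix is silently lost; the log should record one reconciled form, e.g. `prompt_texts.push(" Body: " + processed_body.substr(0, maxBodyLen));`, so truncation is applied to the processed text. And the `confirm(...)` consent check runs inside the `results.forEach` callback, which means one dialog per email; the trailing `}, 10);` bounds that only if `results` is a custom collection whose `forEach` accepts a limit, since for a standard array the second argument is `thisArg`, so please confirm which it is or move the consent prompt before the loop with a single summary of the messages about to be sent.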
@@ -212,6 +371,8 @@ ___ + +
                     PR 377 (2025-12-21)                    
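Review bot: The hunk at `@@ -212,6 +371,8 @@` (and every later hunk in this patch, down to `@@ -4074,6 +4299,8 @@`) adds only two blank lines before an existing PR heading, which is formatting churn unrelated to the PR 382 entry and makes the diff noisier to review. If the extra spacing is the new output of the log generator, note that in the commit message; otherwise keep the whitespace change in a separate commit.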
@@ -310,6 +471,8 @@ ___ + +
                     PR 375 (2025-12-20)                    
@@ -396,6 +559,8 @@ ___ + +
                     PR 372 (2025-12-17)                    
@@ -492,6 +657,8 @@ ___ + +
                     PR 370 (2025-12-14)                    
@@ -648,6 +815,8 @@ ___ + +
                     PR 360 (2025-12-06)                    
@@ -702,6 +871,8 @@ ___ + +
                     PR 359 (2025-12-05)                    
@@ -809,6 +980,8 @@ ___ + +
                     PR 358 (2025-12-04)                    
@@ -948,6 +1121,8 @@ ___ + +
                     PR 357 (2025-12-03)                    
@@ -1085,6 +1260,8 @@ ___ + +
                     PR 356 (2025-12-02)                     @@ -1147,6 +1324,8 @@ ___ + + @@ -1211,6 +1390,8 @@ ___ + + @@ -1342,6 +1523,8 @@ ___ + + @@ -1405,6 +1588,8 @@ ___ + + @@ -1470,6 +1655,8 @@ ___ + + @@ -1618,6 +1805,8 @@ ___ + + @@ -1721,6 +1910,8 @@ ___ + + @@ -1883,6 +2074,8 @@ ___ + + @@ -1988,6 +2181,8 @@ ___ + + @@ -2063,6 +2258,8 @@ ___ + + @@ -2166,6 +2363,8 @@ ___ + + @@ -2300,6 +2499,8 @@ ___ + + @@ -2395,6 +2596,8 @@ ___ + + @@ -2565,6 +2768,8 @@ ___ + + @@ -2753,6 +2958,8 @@ ___ + + @@ -2968,6 +3175,8 @@ ___ + + @@ -3060,6 +3269,8 @@ ___ + + @@ -3201,6 +3412,8 @@ ___ + + @@ -3321,6 +3534,8 @@ ___ + + @@ -3423,6 +3638,8 @@ ___ + + @@ -3522,6 +3739,8 @@ ___ + + @@ -3631,6 +3850,8 @@ ___ + + @@ -3751,6 +3972,8 @@ ___ + + @@ -3928,6 +4151,8 @@ ___ + + @@ -4074,6 +4299,8 @@ ___ + +