outlook-automation

This document is a workflow spec that routes Outlook API operations through a third-party MCP (https://rube.app/mcp). It does not contain executable malware or hard-coded secrets, but it does centralize OAuth tokens and sensitive mailbox data with an external service and recommends behaviors (always fetch remote schemas, 'no API keys needed') that increase supply-chain and credential-exfiltration risk if the MCP is untrusted or compromised. Treat the MCP as a high-value target: verify its trustworthiness, limit OAuth scopes, and prefer direct integration when confidentiality of mailbox data is required.