What it does
Inbox Triage is a connector-free agent for busy professionals. You hand it a batch of emails as data — there is no live email API and no credentials — and it classifies each message into urgent, action, info, noise, or suspicious, prioritizes it (high/medium/low, with optional VIP senders forced to high), and drafts a suggested reply for messages that need one. The classification and prioritization core is fully deterministic (same input ⇒ same output). Only the reply-drafting step uses an LLM, and even that has a deterministic template fallback, so it never fails on a missing model. Guardrails: the agent only classifies and DRAFTS — it never sends, archives, or modifies a mailbox. Phishing/spam-looking messages are flagged and never drafted. Email content is treated as untrusted data, so any embedded prompt-injection is neutralized and never executed, and PII is kept out of logs. Tools: - run_full — end-to-end triage: classify, prioritize, and draft suggested replies (LLM with template fallback). Never sends or archives. Returns the full triage JSON. - classify — pure deterministic classification + prioritization (no LLM, no drafts). Returns scored items and category counts. - list_capabilities — static capabilities: tools, categories, priorities, guardrails. - plan_inputs — interview helper returning questions, JSON schema, and a ready-to-edit example for a tool. Provide emails as an array of { from, subject, body, date? }; optionally pass vips and a tone preference. Array/object arguments may be passed as JSON or a JSON string. Missing required inputs return a structured needs_input payload (questions + schema + example) instead of erroring, and upgrade to a native elicitation form on clients that support it.
Example prompts
- Triage these 10 emails with run_full, treat boss@company.com as a VIP, and draft concise professional replies where needed.
- Run classify on this batch — no drafts, just give me the urgent/action/info/noise/suspicious split and priorities.
- Which of these messages are suspicious? Flag them and don't draft replies for those.
- Triage my morning inbox and prep replies in a friendly tone.
- Use plan_inputs for run_full and show me the questions, schema, and a ready-to-edit example.
Tools (4)
Tools the agent exposes — your AI client calls them automatically when it needs them.
- run_full — Triage a batch of caller-provided emails end-to-end: classify (urgent/action/info/noise/suspicious), prioritize, and DRAFT suggested replies for items that need one (LLM with template fallback). Never sends or archives. Returns the full triage JSON.
- classify — Pure deterministic classification + prioritization (no LLM, no drafts) over caller-provided emails. Returns scored TriageItems and category counts.
- list_capabilities — List the agent's static capabilities: tools, categories, priorities, and guardrails.
- plan_inputs — Plan/brainstorm the inputs for a tool: returns the questions, schema and a ready-to-edit example.
What you'll need to connect
This agent will ask you for the following. You enter them when you connect — they're encrypted and never shared with the creator.
- Anthropic API Key · optionalOptional. Enables LLM-drafted replies via Anthropic. Without a key (and no host sampling) the agent falls back to a deterministic template. Classification and prioritization are always deterministic.Create a key on the Anthropic Console API keys page (console.anthropic.com → API keys).Paste the value as a single line.Only sent to: api.anthropic.com
- OpenAI API Key · optionalOptional. Enables LLM-drafted replies via OpenAI instead of Anthropic.Create a secret key on the OpenAI API keys page (platform.openai.com → API keys).Paste the value as a single line.Only sent to: api.openai.com
How you're protected
FindAgent runs these safety checks on every agent automatically. They're always on and can't be turned off.
- Prompt-injection scanning
Every request is checked for known prompt-injection and jailbreak attempts before the agent runs. This is always on.
- Secret-leak scanning
Every response is scanned for leaked API keys, tokens, and other secrets before it reaches you. This is always on.