Agent #006 · Outbound
Email Personalization Agent: governance & failure modes
What this agent is built not to do, and the specific ways it can fail if misconfigured.
Governance notes
- This agent never sends email — no send permission, no send-trigger access, in any configuration. Every draft requires human review and approval before it enters a live sequence.
- Only approved, versioned proof points from the sanctioned library are usable — the agent cannot invent or reword a proof point on its own.
- The compliance check runs on every single draft, with no exceptions and no bypass path.
- Send-capable credentials are never attached to this workflow — verified explicitly in QA, not assumed.
Failure modes
- Draft gets auto-sent: prevented structurally — the n8n workflow uses read/draft-only sequencing-tool API scopes, and QA confirms no send-capable credential is ever attached.
- A fabricated stat slips through: every miss expands the versioned banned-claims list and is logged as a governance incident, not quietly patched and forgotten.
- Same generic draft regardless of persona: a QA test generates one draft per persona and asserts they meaningfully differ — if they don’t, the angle-selection config isn’t actually branching.
- Proof point used out of context: proof-point library entries require industry and persona tags before they’re eligible for selection at all.