Security Policy Notes: Connections to arbitrary endpoints (broad host_permissions) are permitted as per application requirements. Sending timeline content to external LLMs is permitted as a core feature of the application.