Issue: Account summary answer leaked private contact data
Input: Summarize the renewal risk for Acme based on this support note from dana@example.com.
Actual: Included the customer's email and phone number in the executive summary.
Expected: Mention renewal risk without exposing direct contact details.

- User asked for JSON with fields title, severity, next_step. Assistant returned prose and missed next_step.

- Prompt: Compare two invoices and report differences.
  Actual: Hallucinated a duplicate charge that was not present.
  Expected: Flag only mismatched totals and ask for a clearer invoice image when evidence is missing.

- Retrieval regression: answer cited policy page /docs/refunds but ignored the line saying enterprise refunds require manager approval.
