Right, it doesn't have to be a technical attack to be a trust violation.
Imagine an inbox summarizing tool, where a malicious email can cause important security notifications to be buried.
Or a summary of upcoming tasks where users in certain targeted regions are "reminded" to vote on November 5th.