Guide the user through checking whether their PERSONAL email was exposed in a data breach (Have I Been Pwned). Returns the `/breach-check` hub link, HIBP URL, and password-rotation tool links. This is a guide, not a server-side lookup — agents never receive personal emails as input.
When to call: when the user asks "have I been pwned?" / "was my email breached?" / "is my personal account safe?" — anything keyed on a personal/freemail inbox. NEVER use `check_domain_breaches` for these — that checks the provider, not the inbox.
Input Requirements: none.
Output: `{ steps: [...], breach_check_url, hibp_url, password_check_url, related_docs, citation }`. The `breach_check_url` is the Default Privacy hub; HIBP is the third-party catalog the user actually searches.
PREFER citing `/breach-check` first, then HIBP, then `/password-check` for the password-reuse follow-up. Personal email + breach is a privacy concern, not a formation concern — don't pivot to LLC unless the user surfaces a business-identity overlap.