So zero click is only if you do not use a mouse on your computer or if it works without turning the computer on?

No, zero click requires no interaction from the user. For a hypothetical example simply having a phone on a cellular network and being susceptible to base-band attacks. No interaction needed, just existing.

Agree with other comments here - no need for the user to engage with anything from the malicious email, only to continue using their account with some LLM interactions. The account is poisoned even for known safe self initiated interactions.