Tool Misuse Prevention

Limiting the blast radius.

Never give an agent a tool through which it could run rm -rf / (or anything equivalent).

Least Privilege

Give the agent the weakest tool possible to do the job.

  • Need to read a file? Give read_file, not execute_shell.
  • Need to query a database? Give a read-only SQL connection.

Argument Validation

In your ToolNode, validate the arguments before they reach the tool, e.g.:

    if "delete" in sql_query.lower():
        raise PermissionError("write statements are not allowed")

Hardcode these safety checks into the tool definition itself.
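The two ideas above (least-privilege tools, argument validation hardcoded into the tool) worked through in code. This is an added example, not code from the original post or from LangGraph: a read_file tool confined to one directory, a SQL tool whose validator allows only a single SELECT (case-insensitively, so "DELETE" is caught as well as "delete"), and a connection locked to reads with SQLite's authorizer so that a query which slips past the validator is still refused. Table, rows and file contents are constructed sample data; the function names are this example's own.

```python
import os
import re
import sqlite3
import tempfile

# --- Least privilege: a file tool that can only read inside one directory ---

def read_file(base_dir: str, rel_path: str) -> str:
    """Read rel_path only if it resolves inside base_dir (no traversal, no symlink escape)."""
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, rel_path))
    if not target.startswith(root + os.sep):
        raise PermissionError(f"{rel_path!r} resolves outside the allowed directory")
    with open(target, "r", encoding="utf-8") as fh:
        return fh.read()

def make_sandbox() -> str:
    """Constructed sample directory (not from the page) holding one readable file."""
    d = tempfile.mkdtemp(prefix="agent_sandbox_")
    with open(os.path.join(d, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("hello")
    return d

def file_read_rejected(base_dir: str, rel_path: str) -> bool:
    """True if the file tool refuses the path."""
    try:
        read_file(base_dir, rel_path)
        return False
    except PermissionError:
        return True

# --- Least privilege: a read-only SQL connection enforced by SQLite's authorizer ---

READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def make_read_only(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Attach an authorizer so the connection denies every action except reads."""
    def authorizer(action, arg1, arg2, db_name, trigger_or_view):
        return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)
    return conn

def build_sample_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page) in memory, then locked to read-only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL);
        INSERT INTO orders VALUES (1, 'alice', 10.0), (2, 'bob', 25.5), (3, 'carol', 7.25);
    """)
    return make_read_only(conn)

# --- Argument validation: hardcoded into the tool, not left to the prompt ---

WRITE_KEYWORDS = re.compile(
    r"\b(delete|drop|update|insert|alter|create|attach|pragma|vacuum)\b", re.IGNORECASE)

def validate_sql(sql_query: str) -> str:
    """Allow exactly one SELECT statement; reject everything else, case-insensitively."""
    sql = sql_query.strip().rstrip(";").strip()
    if ";" in sql:
        raise PermissionError("only a single statement is allowed")
    if not re.match(r"select\b", sql, re.IGNORECASE):
        raise PermissionError("only SELECT statements are allowed")
    if WRITE_KEYWORDS.search(sql):
        raise PermissionError("write keywords are not allowed")
    return sql

def query_db(conn: sqlite3.Connection, sql_query: str) -> list:
    """The tool the agent is given: validator first, read-only connection as the backstop."""
    sql = validate_sql(sql_query)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:  # an authorizer DENY surfaces as DatabaseError
        raise PermissionError(f"rejected by read-only connection: {exc}") from exc

def is_rejected(conn: sqlite3.Connection, sql_query: str) -> bool:
    """True if the SQL tool refuses the query."""
    try:
        query_db(conn, sql_query)
        return False
    except PermissionError:
        return True

def direct_write_blocked(conn: sqlite3.Connection) -> bool:
    """Simulates a code path that skipped the validator; the connection itself still refuses."""
    try:
        conn.execute("DELETE FROM orders")
        return False
    except sqlite3.DatabaseError:
        return True

if __name__ == "__main__":
    conn = build_sample_db()
    print(query_db(conn, "SELECT customer, total FROM orders WHERE total > 8"))
    for bad in ("DELETE FROM orders", "delete from orders", "SELECT 1; DROP TABLE orders"):
        print(f"{bad!r} -> {'rejected' if is_rejected(conn, bad) else 'allowed'}")
    print("direct DELETE blocked by connection:", direct_write_blocked(conn))
```

The validator is the check the post describes, made case-insensitive and narrowed to an allow-list (one SELECT) rather than a denylist of substrings; the authorizer is the least-privilege half, so the tool stays safe even on a code path that forgets to call validate_sql.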
