Tool selection scope

Agent given many tools. LLM may misuse. Cap tool count + inspect selections.

Advertisement

Free-form prompts

Default templates concatenate strings. Injection possible if user data in template. Use structured message format.

Advertisement

Custom tools

Community tools may execute code (Python REPL). Sandbox required.

Callbacks + streaming

Async callbacks handle sensitive data. Ensure no logging of PII by default.