Tool selection scope
Agent given many tools. LLM may misuse. Cap tool count + inspect selections.
Advertisement
Free-form prompts
Default templates concatenate strings. Injection possible if user data in template. Use structured message format.
Advertisement
Custom tools
Community tools may execute code (Python REPL). Sandbox required.
Callbacks + streaming
Async callbacks handle sensitive data. Ensure no logging of PII by default.