Anti-Patterns

Tool Output Trusted Verbatim

Anti-pattern: trust whatever tools return without validation, schema enforcement, or trust labels.

Problem

Real-world tools do not behave that way. They return errors as HTTP 200 OK with a JSON body of {"error": ...} that the agent confuses for a successful result. They return multi-megabyte responses that blow the context window. They return HTML with embedded scripts, or text with embedded prompt-injection payloads instructing the agent to ignore its previous instructions. By trusting every byte of tool output verbatim, the agent loses control over both its context budget and its safety boundary, and a misbehaving or hijacked tool can quietly redirect the agent.

Solution

Don't. Validate every tool result against a schema. Cap response size. Sanitise HTML. Apply tool-output-poisoning defenses. See tool-output-poisoning, structured-output, input-output-guardrails.

When to use

  • Cite this entry when tool results flow into context with no validation layer.
  • You are already here if an error page, oversized body, or injected instruction from a tool has steered the agent.
  • Validate against a schema, cap response size, sanitise markup, and apply tool-output-poisoning defenses.

Open the full interactive page

Diagram, neighbourhood map, code examples, related patterns and full provenance.

Related