Tool Output Trusted Verbatim
Anti-pattern: trust whatever tools return without validation, schema enforcement, or trust labels.
Problem
Real-world tools do not behave that way. They return errors as HTTP 200 OK with a JSON body of {"error": ...} that the agent mistakes for a successful result. They return multi-megabyte responses that exhaust the context window. They return HTML with embedded scripts, or text with embedded prompt-injection payloads instructing the agent to ignore its previous instructions. By trusting every byte of tool output verbatim, the agent loses control over both its context budget and its safety boundary, and a misbehaving or hijacked tool can quietly redirect the agent.
Solution
Don't trust tool output verbatim. Validate every tool result against a schema. Cap response size. Sanitise HTML. Apply tool-output-poisoning defenses. See tool-output-poisoning, structured-output, input-output-guardrails.
When to use
- Never use this; real tools return errors as 200 OK, oversized bodies, scripts, or prompt-injection payloads.
- Validate every tool result against a schema and cap response size.
- Apply tool-output-poisoning defenses and structured-output downstream.
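The gate described in the Problem and Solution sections above, written out as an added example (not code from the original page or from any pattern catalogue): a single function that sits between a raw HTTP tool response and the agent's context, enforcing the size cap, parsing the body as JSON, surfacing an error envelope hidden inside a 200 OK, checking each field against a schema, stripping HTML tags and script bodies from string values, refusing values that contain prompt-injection phrases, and labelling whatever survives as untrusted data. The tool name, the WEATHER_SCHEMA, MAX_TOOL_OUTPUT_BYTES, the INJECTION_PATTERNS list and all sample bodies are constructed for the illustration.

```python
import json
import re
from dataclasses import dataclass, field
from html.parser import HTMLParser
from typing import Any

# Assumed byte budget for one tool result; tune it to the model's context window.
MAX_TOOL_OUTPUT_BYTES = 4096

# Hypothetical schema for a weather tool: field name -> accepted Python type(s).
WEATHER_SCHEMA = {"city": str, "temp_c": (int, float)}

# Constructed list of phrases typical of prompt-injection payloads hidden in tool output.
INJECTION_PATTERNS = [
    re.compile(r"ignore (all |your )?(previous|prior) instructions", re.I),
    re.compile(r"\bsystem prompt\b", re.I),
]


@dataclass
class ToolResult:
    ok: bool
    reason: str = ""
    # Every tool result carries an explicit trust label so downstream prompt
    # construction treats it as data, never as instructions.
    trust: str = "untrusted"
    data: dict[str, Any] = field(default_factory=dict)


class _TextOnly(HTMLParser):
    """Keep visible text, drop every tag, and drop <script>/<style> bodies entirely."""

    def __init__(self) -> None:
        super().__init__()
        self.parts: list[str] = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)


def sanitise_html(text: str) -> str:
    """Reduce an HTML fragment to whitespace-normalised visible text."""
    parser = _TextOnly()
    parser.feed(text)
    parser.close()
    return " ".join("".join(parser.parts).split())


def _type_ok(value: Any, expected: Any) -> bool:
    # bool subclasses int, so an explicit check keeps true/false from passing as a number.
    if isinstance(value, bool) and expected is not bool:
        return False
    return isinstance(value, expected)


def validate_tool_output(status: int, body: bytes, schema: dict) -> ToolResult:
    """Gate a raw tool response before any part of it reaches the agent's context."""
    if status != 200:
        return ToolResult(False, f"HTTP status {status}")
    if len(body) > MAX_TOOL_OUTPUT_BYTES:
        return ToolResult(False, f"body of {len(body)} bytes exceeds cap of {MAX_TOOL_OUTPUT_BYTES}")
    try:
        parsed = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return ToolResult(False, f"body is not UTF-8 JSON: {type(exc).__name__}")
    if not isinstance(parsed, dict):
        return ToolResult(False, "top-level JSON value is not an object")
    # A 200 OK can still carry an error envelope; surface it instead of treating it as data.
    if "error" in parsed:
        return ToolResult(False, f"tool reported error: {parsed['error']!r}")

    cleaned: dict[str, Any] = {}
    for key, expected in schema.items():
        if key not in parsed:
            return ToolResult(False, f"missing required field {key!r}")
        value = parsed[key]
        if not _type_ok(value, expected):
            return ToolResult(False, f"field {key!r} has wrong type {type(value).__name__}")
        if isinstance(value, str):
            value = sanitise_html(value)
            for pattern in INJECTION_PATTERNS:
                if pattern.search(value):
                    # Policy choice: reject outright. Quarantining for human review is the other option.
                    return ToolResult(False, f"prompt-injection pattern in field {key!r}")
        cleaned[key] = value
    # Fields absent from the schema are dropped rather than forwarded to the model.
    return ToolResult(True, data=cleaned)


if __name__ == "__main__":
    for body in (b'{"city": "Oslo", "temp_c": 3.5}',
                 b'{"error": "rate limited"}',
                 b'{"city": "<b>Oslo</b><script>alert(1)</script>", "temp_c": 3}'):
        print(validate_tool_output(200, body, WEATHER_SCHEMA))
```

The order of checks matters: the size cap runs before decoding so an oversized body never costs a parse, and the error-envelope check runs before schema validation so a 200 OK carrying {"error": ...} is reported as a failure rather than as "missing field city". Only the `cleaned` dictionary, with its `untrusted` label, should be serialised into the agent's prompt; the raw `body` never is.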