Tools should not be exeucted until all input guardrails have completed #624
Labels
enhancement
New feature or request
Comments
|
The guardrail is not considered a security boundary. There is always a chance that a user can craft a prompt that will pass thorough the guardrail. You can run the guardrail agent explicitly before invoking the main agent to get the behavior that you are looking for. |
But then I lose inference concurrency between the agent's main run and its guardrails. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What it says on the tin. Currently, tools that might take actions or impact an environment can be executed before all input guardrails have been completed. This might mean that a malicious prompt could call a tool with the intention of causing adverse effects before said prompt has been checked.
The text was updated successfully, but these errors were encountered: