Glossary term
Security
Incorrect, excessive, unauthorized, or unsafe use of tools by an agent.
Researchers demonstrated a coding agent, given broad filesystem and shell access, recursively deleting source files in response to an ambiguous 'clean up' instruction - illustrating the risk of overly broad tool grants.
Simon Willison documented an agent that, after being tricked via indirect prompt injection, misused a send_email tool to send a phishing-style message to the user's contacts on behalf of an attacker.
Salesforce's trust layer for Agentforce monitors tool-call frequency and argument patterns; it flagged an agent that called the update_record tool 400 times in one session (indicating a runaway loop) and halted execution.
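The frequency-and-argument-pattern check described in the Agentforce example, as an added illustration (not Salesforce's own code): a per-session monitor that counts calls per tool, counts repeats of identical arguments, and halts the session once either exceeds a threshold. The thresholds, tool names and event stream below are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# Hypothetical thresholds (assumptions, not any vendor's actual limits).
MAX_CALLS_PER_TOOL = 100    # calls to one tool within a single session
MAX_IDENTICAL_ARGS = 10     # same tool invoked with byte-identical arguments


@dataclass
class ToolCallMonitor:
    """Tracks tool calls per session and halts the session on runaway patterns."""
    max_calls_per_tool: int = MAX_CALLS_PER_TOOL
    max_identical_args: int = MAX_IDENTICAL_ARGS
    calls: Counter = field(default_factory=Counter)        # (session, tool) -> count
    arg_repeats: Counter = field(default_factory=Counter)  # (session, tool, args) -> count
    halted: set = field(default_factory=set)

    def record(self, session: str, tool: str, args: dict) -> list:
        """Register one tool call. Returns the flags raised; empty means allowed."""
        if session in self.halted:
            return ["halted"]          # session already stopped: refuse further calls
        flags = []
        self.calls[(session, tool)] += 1
        key = (session, tool, repr(sorted(args.items())))
        self.arg_repeats[key] += 1
        if self.calls[(session, tool)] > self.max_calls_per_tool:
            flags.append(f"runaway_loop:{tool}")
        if self.arg_repeats[key] > self.max_identical_args:
            flags.append(f"repeated_args:{tool}")
        if flags:
            self.halted.add(session)   # halt execution, as the trust layer does
        return flags


def replay(monitor: ToolCallMonitor, events: list):
    """Feed (session, tool, args) events; return the index at which the session
    was halted, or None if every call was allowed."""
    for i, (session, tool, args) in enumerate(events):
        if monitor.record(session, tool, args):
            return i
    return None


if __name__ == "__main__":
    # Constructed stream: an agent stuck calling update_record 400 times.
    loop = [("s1", "update_record", {"id": f"rec{i}"}) for i in range(400)]
    print("halted at call index", replay(ToolCallMonitor(), loop))
```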