Allow-lists Over Deny-listsWhen possible, define what is allowed (an allow-list) rather than trying to list everything that is not allowed (a deny-list). Deny-lists are notoriously difficult to get right and are often circumvented as new attack vectors are discovered. For example, for a parameter that expects a country code, validate against a known list of valid country codes.Handling Validation FailuresWhen validation or sanitization rules are violated, your tool shouldn't just crash or proceed with tainted data. It needs to:Reject the input clearly.Return an informative error message. This is especially important for LLM agents. A good error message can help the agent understand what went wrong and potentially correct its input on a subsequent attempt.For instance, if Pydantic validation fails, its ValidationError contains structured information about the errors. You can format this into a string that the LLM can parse or understand.# (Continuing the Pydantic SearchToolInput example) # ... # except ValidationError as e: # error_details = e.errors() # This is a list of dicts # # Construct a user-friendly message for the LLM # messages = [] # for error in error_details: # field = \" -> \".join(map(str, error['loc'])) # loc can be a path for nested models # msg = error['msg'] # messages.append(f\"Field '{field}': {msg}\") # error_summary = \"Input validation failed. \" + \"; \".join(messages) # return {\"status\": \"error\", \"message\": error_summary, \"details\": error_details} # llm_provided_input_very_wrong = {\"query\": \"Q\", \"max_results\": 200, \"extra_field\": \"test\"} # result = search_documents(llm_provided_input_very_wrong) # print(json.dumps(result, indent=2)) # Expected output might look like: # { # \"status\": \"error\", # \"message\": \"Input validation failed. Field 'query': ensure this value has at least 3 characters; Field 'max_results': ensure this value is less than or equal to 50; Field 'extra_field': extra fields not permitted\", # \"details\": [ # { /* Pydantic error details */ } # ] # }The goal is to provide enough information for the LLM (or a developer monitoring the agent) to understand the input requirements better.By diligently applying input validation and sanitization, you build a foundation of trust and reliability for your Python tools. This not only prevents errors and security vulnerabilities but also contributes to a more predictable and effective interaction between the LLM agent and its extended capabilities. Remember that any input originating from outside your direct control, including that generated by an LLM, requires careful scrutiny.","isAccessibleForFree":false,"hasPart":{"@type":"WebPageElement","isAccessibleForFree":false,"cssSelector":".login-required-content"}}