Quick Start
How It Works
Auto-protected built-ins includeduckduckgo, web_search, tavily_search, scrape_page, fetch_url, and others in the external tools set. MCP tools can be marked at registration time.
| Condition | Action |
|---|---|
| Trusted tool | Result unchanged |
| External + string ≥ 32 chars | Wrapped in <external_tool_result> |
| External + string < 32 chars | Unchanged (overhead skip) |
| External + dict/list | JSON-serialised then wrapped |
Configuration Options
| Option | Type | Default | Description |
|---|---|---|---|
trust_level | "trusted" | "external" | "trusted" | Set on register_tool(..., trust_level="external") |
MIN_CONTENT_LENGTH_FOR_WRAPPING | int | 32 | Minimum string length before wrapping |
Best Practices
Mark external data sources as external
Mark external data sources as external
Web APIs, scraping, MCP servers you do not control, and third-party feeds should use
trust_level="external".Do not strip safety markers
Do not strip safety markers
Removing
<external_tool_result> tags breaks the model’s boundary between data and instructions.Prefer external when unsure
Prefer external when unsure
Wrapping cost is minimal; under-marking exposes you to injection.
Layer with other guards
Layer with other guards
Combine with Tool Circuit Breaker and input validation for defence in depth.
Related
Tool Circuit Breaker
Automatic tool failure detection and recovery
Security Overview
Complete security features and best practices

