Risk
Unsafe Consumption of Agent Output by Downstream Systems
Description
Agent or model output is consumed by downstream systems without validation — generated code executed, SQL run, HTML rendered, tool arguments interpolated into shells — turning the model into an injection vector.
Example
An agent’s generated SQL is executed directly against production; a crafted prompt makes it emit a destructive query that the harness runs without review.
Assets Affected
Model Response
Tool
Agent Harness
AI App
Mitigation
- Treat agent output as untrusted input
- schema-validate and sanitize before execution
- parameterize queries
- sandbox generated-code execution
- require approval for high-impact outputs.
Standards Mapping
- ISO: A.6.2.5
- OWASP agentic: ASI05
- OWASP LLM: LLM05:2025
- EU AI Act: Art. 15(5)
- DASF: Agents-Core 13.11