SAIL 2.0

/

Deploy - Runtime Guardrails

/

Unsafe Consumption of Agent Output by Downstream Systems

5.19

.

Unsafe Consumption of Agent Output by Downstream Systems

sail
5.19
Risk

Unsafe Consumption of Agent Output by Downstream Systems

Description

Agent or model output is consumed by downstream systems without validation — generated code executed, SQL run, HTML rendered, tool arguments interpolated into shells — turning the model into an injection vector.

Example

An agent’s generated SQL is executed directly against production; a crafted prompt makes it emit a destructive query that the harness runs without review.

Assets Affected

Model Response

Tool

Agent Harness

AI App

Mitigation
  • Treat agent output as untrusted input
  • schema-validate and sanitize before execution
  • parameterize queries
  • sandbox generated-code execution
  • require approval for high-impact outputs.
Standards Mapping
  • ISO: A.6.2.5
  • OWASP agentic: ASI05
  • OWASP LLM: LLM05:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.11