Prevent prompt injection with defense-in-depth: treat all user and tool content as untrusted, lock down tool permissions, require source-grounded answers, and add verification and monitoring. The goal isn’t “perfect blocking” but limiting the blast radius, so that injected instructions can’t exfiltrate data, override policies, […]
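
One way to enforce the controls listed above in code outside the model, as an added example that is not from the original page: a tool-call gate that tracks untrusted content, applies per-tool permissions and records every decision for monitoring. The tool names, capability flags and hosts are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical tool registry: names, flags and hosts are assumptions for this example.
@dataclass(frozen=True)
class Tool:
    name: str
    reads_private: bool = False          # can return secrets or internal data
    egress: bool = False                 # can send data outside the trust boundary
    allowed_hosts: frozenset = frozenset()

TOOLS = {
    "search_docs": Tool("search_docs"),
    "read_crm": Tool("read_crm", reads_private=True),
    "http_post": Tool("http_post", egress=True,
                      allowed_hosts=frozenset({"api.internal.example"})),
}

@dataclass
class Session:
    untrusted_seen: bool = False         # user/tool text has entered the context
    private_seen: bool = False           # private data has entered the context
    audit: list = field(default_factory=list)

    def ingest(self, source: str, text: str) -> str:
        """Mark the context as tainted and label the text as data.
        The label is only a hint to the model; authorize() is the control."""
        self.untrusted_seen = True
        return f"<untrusted source={source!r}>\n{text}\n</untrusted>"

    def authorize(self, tool_name: str, args: dict) -> bool:
        """Decide a model-requested tool call in code, not in the prompt."""
        tool = TOOLS.get(tool_name)
        host = urlparse(str(args.get("url", ""))).hostname
        if tool is None:
            verdict = "deny:unknown_tool"
        elif tool.egress and host not in tool.allowed_hosts:
            verdict = "deny:host_not_allowlisted"
        elif tool.egress and self.untrusted_seen and self.private_seen:
            # Blast-radius limit: no outbound call once private data and
            # untrusted text share the same context.
            verdict = "deny:egress_after_private_and_untrusted"
        else:
            verdict = "allow"
            self.private_seen |= tool.reads_private
        self.audit.append((tool_name, verdict))   # feed for monitoring
        return verdict == "allow"
```

Because the gate never consults the model's output to make its decision, text that reaches the context through `ingest()` cannot widen what `authorize()` allows.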