From 073712ce75df5106988eea8c060dec879cd2cdbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Beaufort?= Date: Wed, 1 Jul 2026 14:55:24 +0200 Subject: [PATCH] Add consequentialHint to ToolAnnotations --- index.bs | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/index.bs b/index.bs index fd3c0bc..3bf5301 100644 --- a/index.bs +++ b/index.bs @@ -177,6 +177,9 @@ A tool definition is a [=struct=] with the following [=struct/items=] : untrusted content hint :: a [=boolean=], initially false. + : consequential hint + :: a [=boolean=], initially false. + : exposed origins :: a [=list=] or [=origins=], initially [=list/empty=]. @@ -395,6 +398,9 @@ The registerTool(tool, optionsregisterTool(tool, options (object input); @@ -531,6 +541,9 @@ The {{ToolAnnotations}} dictionary provides optional metadata about a tool: : annotations["{{ToolAnnotations/untrustedContentHint}}"] :: If true, indicates that the tool's output contains data that is untrusted, from the perspective of the author registering the tool. + + : annotations["{{ToolAnnotations/consequentialHint}}"] + :: If true, indicates that executing the tool will result in consequential actions, ex: booking a flight, transferring money. @@ -1101,6 +1114,14 @@ respective private browsing modes are safely exposed to [=agents=] and that thes **How:** A boolean {{ToolAnnotations/untrustedContentHint}} annotation that acts as a signal to the client that the payload requires heightened security handling, allowing the client to sanitize the payload, use indicators such as spotlighting [[SPOTLIGHTING]] to highlight untrustworthy content to the model, or hide that part of the response entirely. +

Consequential Annotation for Tool Executions

+ +**What:** Providing agents with a signal that a tool's execution results in significant, real-world, or non-reversible consequences. + +**Threats addressed:** [[#misrepresentation-of-intent]] + +**How:** A boolean {{ToolAnnotations/consequentialHint}} annotation acts as a signal to the client or agent that the tool performs a consequential action, such as booking a flight or transferring money. This way they can selectively enforce mandatory user confirmation prompts before executing high-stakes tools, directly mitigating the risk of accidental or malicious misrepresentation of intent. +

Accessibility considerations