Does this do anything to resist prompt injection? It seems to me that structured exchange between an orchestrator and its single-tool-using agents would go a long way. And at the very least introduces a clear point to interrogate the payload.
But I could be wrong. Maybe someone reading knows more about this subject?
No comments yet.