Instruction: Explain what kinds of information require validation before tool use.
Context: Checks whether the candidate can explain the core concept clearly and connect it to real production decisions. Explain what kinds of information require validation before tool use.
The way I'd think about it is this: Untrusted content should never flow directly into tool names, action decisions, privileged arguments, approval bypasses, identity context, or raw commands that could mutate external state. Those are control surfaces, not just data fields.
If untrusted content is allowed to shape those directly, the system becomes vulnerable to prompt injection, confused-deputy behavior, and unsafe automation. The model may not realize it is executing attacker influence because the content looked like part of the job.
The safe pattern is to treat untrusted content as evidence to be interpreted under policy, not as instructions to be obeyed.
What matters in an interview is not only knowing the definition, but being able to connect it back to how it changes modeling, evaluation, or deployment decisions in practice.
A weak answer is focusing only on obviously dangerous strings. The broader risk is allowing untrusted content to steer control decisions at all.
easy
easy
easy
easy
easy
easy