Giving an agent the right tools (and only those)

Agents are only as safe as the tools they can call — pick the smallest set that works.

7 min · Reviewed 2026

The big idea

When you give an agent tools (web search, file edit, send email), each tool is a way it can mess up. Less is more.

Some examples

Start with read-only tools (search, fetch) before write tools (send, delete).
Never give a hobby agent tools that cost money without a hard limit.
Log every tool call so you can audit later.

Try it!

Build an agent that summarizes your inbox. Give it READ access only — no reply, no delete.

Understanding "Giving an agent the right tools (and only those)" in practice: AI agents don't just answer questions — they can do things, like looking things up, writing files, or talking to apps. Agents are only as safe as the tools they can call — pick the smallest set that works — and knowing how to apply this gives you a concrete advantage.

Design clear agent goals before adding tools
Define permissions and scope before deploying any agent
Build in human-approval checkpoints for high-stakes actions
Understand when to use an agent vs. a simple chat prompt

Design an agent spec: goal, tools, permissions, stop condition
Run a simple web-search agent in a sandbox environment
Instrument an existing workflow to identify where an agent could save time

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-builders-agentic-ai-ai-agent-tool-permissions-r11a8-teen

A developer is building an agent to check the weather. Which approach follows the principle of least privilege?
1. Give it weather API access only, no ability to send messages
2. Give it weather access, email, and calendar tools so it can tell others
3. Give it all tools but restrict them with a password
4. Give it access to everything by default, then remove unused tools later
Why should an agent first be given read-only tools before write tools are added?
1. Read-only tools cannot cause damage even if the agent behaves incorrectly
2. Write tools are harder for developers to implement
3. Read-only tools are faster to load into memory
4. Write tools require more computing power
A student creates a hobby agent for personal use. What should be true about any tools that can charge money?
1. They should have a strict spending limit to prevent runaway costs
2. They should be avoided entirely for hobby projects
3. They should be given unlimited access since it's a personal agent
4. They should only be used on weekends
What is the main reason developers should log every tool call an agent makes?
1. To review what the agent did later and catch any problems
2. To make the agent run faster during future calls
3. To show users all the technical work being done
4. To reduce the amount of data the agent needs to store
A developer builds an agent to summarize email inbox contents. Why should the agent have only READ access and not WRITE access?
1. READ access lets it see emails to summarize without risking accidental deletion or sending
2. WRITE access would make the summary feature work faster
3. READ access is more secure against hackers
4. The email service requires read-only permissions for all apps
Which statement best describes the principle of least privilege as it applies to AI agents?
1. Give agents only the tools they absolutely need to complete their specific task
2. Give agents as many tools as possible so they can handle any situation
3. Give agents admin tools first, then take them away if they're not used
4. Give agents the same tools as other agents for consistency
What makes an agent dangerous according to this approach?
1. The tools it has access to and what those tools can do
2. The programming language it was written in
3. The amount of data it has been trained on
4. The speed at which it can process requests
A student builds an agent that can browse websites. What additional permission would create the most risk?
1. Ability to make purchases on the web
2. Access to display images from websites
3. Ability to save pages as bookmarks
4. Access to adjust text size for readability
An agent needs to read files from a folder. Later it might need to create new files. What's the safest starting point?
1. Start with read-only access, add write access later only if needed
2. Give it full read and write access from the beginning
3. Start with no access and add both at once
4. Give it only write access since reading is built-in
If an agent can call 50 different tools but only needs 3 of them, how many should it be given?
1. Just the 3 tools it actually needs
2. All 50 tools in case it discovers new uses
3. The 3 it needs plus 10 more for flexibility
4. Only the 50 since that's what's available
A developer notices an agent has been making unusual tool calls. What should they check first?
1. The logs that record every tool call the agent made
2. The agent's training data
3. The color scheme of the user interface
4. The time of day the agent was created
Which is the safest order for introducing tools to a new agent?
1. Read-only tools first, then carefully add write tools if needed
2. All tools at once so the agent has full capabilities
3. Write tools first since they're more important
4. Only add tools that are popular or commonly used
What happens if a hobby agent is given tools without any spending limit?
1. It could accidentally or intentionally spend unlimited money
2. It would stop working after one use
3. It would become smarter over time
4. It would need fewer logs to function
A company agent needs to access customer data. What's the best practice for tool permissions?
1. Give it access only to the specific data types it needs for its job
2. Give it access to all customer data for convenience
3. Give it access to all data but require password each time
4. Give it no access and have it ask permission for everything
The text says your agent should be helpful but not dangerous. What makes it potentially dangerous?
1. The specific tools it can call and what those tools can modify
2. The length of its responses to users
3. The number of users talking to it at once
4. The amount of memory it uses

← Back to interactive lesson

Tendril · Builders · Agentic AI

Giving an agent the right tools (and only those)

Agents are only as safe as the tools they can call — pick the smallest set that works.

7 min · Reviewed 2026

The big idea

When you give an agent tools (web search, file edit, send email), each tool is a way it can mess up. Less is more.

Some examples

Start with read-only tools (search, fetch) before write tools (send, delete).
Never give a hobby agent tools that cost money without a hard limit.
Log every tool call so you can audit later.

Try it!

Build an agent that summarizes your inbox. Give it READ access only — no reply, no delete.

Design clear agent goals before adding tools
Define permissions and scope before deploying any agent
Build in human-approval checkpoints for high-stakes actions
Understand when to use an agent vs. a simple chat prompt

Design an agent spec: goal, tools, permissions, stop condition
Run a simple web-search agent in a sandbox environment
Instrument an existing workflow to identify where an agent could save time

End-of-lesson check

15 questions · take it digitally for instant feedback at tendril.neural-forge.io/learn/quiz/end-builders-agentic-ai-ai-agent-tool-permissions-r11a8-teen

A developer is building an agent to check the weather. Which approach follows the principle of least privilege?
1. Give it weather API access only, no ability to send messages
2. Give it weather access, email, and calendar tools so it can tell others
3. Give it all tools but restrict them with a password
4. Give it access to everything by default, then remove unused tools later
Why should an agent first be given read-only tools before write tools are added?
1. Read-only tools cannot cause damage even if the agent behaves incorrectly
2. Write tools are harder for developers to implement
3. Read-only tools are faster to load into memory
4. Write tools require more computing power
A student creates a hobby agent for personal use. What should be true about any tools that can charge money?
1. They should have a strict spending limit to prevent runaway costs
2. They should be avoided entirely for hobby projects
3. They should be given unlimited access since it's a personal agent
4. They should only be used on weekends
What is the main reason developers should log every tool call an agent makes?
1. To review what the agent did later and catch any problems
2. To make the agent run faster during future calls
3. To show users all the technical work being done
4. To reduce the amount of data the agent needs to store
A developer builds an agent to summarize email inbox contents. Why should the agent have only READ access and not WRITE access?
1. READ access lets it see emails to summarize without risking accidental deletion or sending
2. WRITE access would make the summary feature work faster
3. READ access is more secure against hackers
4. The email service requires read-only permissions for all apps
Which statement best describes the principle of least privilege as it applies to AI agents?
1. Give agents only the tools they absolutely need to complete their specific task
2. Give agents as many tools as possible so they can handle any situation
3. Give agents admin tools first, then take them away if they're not used
4. Give agents the same tools as other agents for consistency
What makes an agent dangerous according to this approach?
1. The tools it has access to and what those tools can do
2. The programming language it was written in
3. The amount of data it has been trained on
4. The speed at which it can process requests
A student builds an agent that can browse websites. What additional permission would create the most risk?
1. Ability to make purchases on the web
2. Access to display images from websites
3. Ability to save pages as bookmarks
4. Access to adjust text size for readability
An agent needs to read files from a folder. Later it might need to create new files. What's the safest starting point?
1. Start with read-only access, add write access later only if needed
2. Give it full read and write access from the beginning
3. Start with no access and add both at once
4. Give it only write access since reading is built-in
If an agent can call 50 different tools but only needs 3 of them, how many should it be given?
1. Just the 3 tools it actually needs
2. All 50 tools in case it discovers new uses
3. The 3 it needs plus 10 more for flexibility
4. Only the 50 since that's what's available
A developer notices an agent has been making unusual tool calls. What should they check first?
1. The logs that record every tool call the agent made
2. The agent's training data
3. The color scheme of the user interface
4. The time of day the agent was created
Which is the safest order for introducing tools to a new agent?
1. Read-only tools first, then carefully add write tools if needed
2. All tools at once so the agent has full capabilities
3. Write tools first since they're more important
4. Only add tools that are popular or commonly used
What happens if a hobby agent is given tools without any spending limit?
1. It could accidentally or intentionally spend unlimited money
2. It would stop working after one use
3. It would become smarter over time
4. It would need fewer logs to function
A company agent needs to access customer data. What's the best practice for tool permissions?
1. Give it access only to the specific data types it needs for its job
2. Give it access to all customer data for convenience
3. Give it access to all data but require password each time
4. Give it no access and have it ask permission for everything
The text says your agent should be helpful but not dangerous. What makes it potentially dangerous?
1. The specific tools it can call and what those tools can modify
2. The length of its responses to users
3. The number of users talking to it at once
4. The amount of memory it uses

← Back to interactive lesson