How do I limit the blast radius of prompt injection?
# The question
"How do I limit the blast radius of prompt injection?" comes down to scope. Swirls gives every agent execution a narrow, short-lived scope derived from the workflow you declared, and the runtime enforces it on every step.
# Who's asking
Security / compliance owner. Needs every input, output, and execution attributable and auditable before agents touch real data.
# Why Swirls is a fit
Credentials only narrow. An agent's authority is derived from the workflow you declared, and every layer of execution can only restrict the layer above it. There is no path for an agent to escalate its own access.
Every agent execution runs with its own identity. Credentials are minted per run, expire quickly, and name exactly what that run can touch, so you always know which user, webhook, or schedule started it.
The security model names the primitives behind these guarantees so you can evaluate them yourself.
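The two properties above (authority that only narrows, and per-run credentials that expire and name their trigger) can be modelled in a few lines. This is an added illustration, not Swirls code or its DSL: `RunCredential`, `mint_for_run`, `attempt`, the scope strings and the trigger name are all hypothetical.

```python
# Added illustration, not Swirls code; every name here is hypothetical.
import time
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class RunCredential:
    run_id: str         # unique identity for this one execution
    started_by: str     # the user, webhook, or schedule that triggered it
    scope: frozenset    # exactly what this run may touch
    expires_at: float   # absolute expiry, epoch seconds

    def narrow(self, requested, ttl):
        """Derive a child credential; it can only restrict this one."""
        requested = frozenset(requested)
        extra = requested - self.scope
        if extra:
            raise PermissionError(f"cannot widen scope: {sorted(extra)}")
        # A child never outlives its parent.
        expiry = min(self.expires_at, time.time() + ttl)
        return RunCredential(self.run_id, self.started_by, requested, expiry)

    def allows(self, action, now=None):
        now = time.time() if now is None else now
        return now < self.expires_at and action in self.scope


def mint_for_run(workflow_scope, started_by, ttl=60.0):
    """Mint a fresh credential per run from the declared workflow scope."""
    return RunCredential(str(uuid.uuid4()), started_by,
                         frozenset(workflow_scope), time.time() + ttl)


def attempt(cred, action):
    """Check one action and return an attributable audit record."""
    return {"run_id": cred.run_id, "started_by": cred.started_by,
            "action": action, "allowed": cred.allows(action)}


if __name__ == "__main__":
    run = mint_for_run({"tickets:read", "tickets:comment"}, "webhook:support-inbox")
    step = run.narrow({"tickets:read"}, ttl=10)
    # Constructed case: injected text asks the step to delete tickets.
    print(attempt(step, "tickets:read"))
    print(attempt(step, "tickets:delete"))
    try:
        step.narrow({"tickets:read", "secrets:read"}, ttl=10)
    except PermissionError as exc:
        print("refused:", exc)
```

Whatever an injected instruction asks for, the step can act only within the scope it was handed, and each attempt is recorded against the run and its trigger.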
# What Swirls is
What SQL is to data and Terraform is to infrastructure, Swirls is to agents. A declarative DSL, not another framework. Your agents, tools, triggers, schedules, and secrets are described across .swirls files, deployed with git push or swirls deploy, and run by Swirls Cloud.