Tackles two distinct security failures in tool-using LLM agents: unauthorized external actions and exposure of sensitive plaintext inside the runtime before any final output check can intervene. Proposes a mechanism to reassert control over both the action surface and in-runtime data. Directly relevant to anyone deploying tool-calling agents where prompt injection or data leakage in the execution loop is a live risk.