Blog post Jun 18, 2026
From Approval to Action: The Executor That Re-Binds to the Proposal
Most agent frameworks let the act step trust what the caller sends at execute-time, not what a human approved. That's prompt-injection-at-execute. The fix is one rule: the executor re-binds to the stored proposal — the caller passes only an ID.