What is a String Length Constraint?
Restricting the length of a string argument in a tool call. String length constraints prevent excessively long inputs that could be used for prompt injection, buffer overflow exploits, or resource exhaustion on downstream MCP servers.
WHY IT MATTERS
String arguments are the primary vector for injection attacks and resource exhaustion. An unrestricted string field can carry kilobytes or megabytes of text — enough to overwhelm downstream servers, inject malicious content, or consume excessive storage in audit logs.
Length constraints set simple but effective bounds. A file name should not exceed 255 characters. A commit message should not exceed 5,000 characters. A query parameter should not exceed a few hundred characters. These limits are easy to reason about and eliminate an entire class of abuse.
In AI agent systems, length constraints also mitigate prompt injection through tool arguments. If an agent passes a user-controlled string as a tool argument, an attacker could craft an extremely long input containing hidden instructions. Capping string length limits the payload an attacker can deliver, reducing (though not eliminating) the attack surface.
HOW POLICYLAYER USES THIS
Intercept supports string length constraints in YAML policies via the min_length and max_length fields. The constraint measures character count (not byte length) and denies calls where the argument falls outside the specified bounds. This is evaluated before the call reaches the MCP server, protecting downstream systems from oversized inputs.
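The check described above, as an added example (not PolicyLayer's code): it applies min_length and max_length in characters to tool-call arguments before a call would be forwarded. The policy dict layout, the tool names and the function names are hypothetical, and "character" is assumed to mean a Unicode code point.

```python
# Added illustration, not PolicyLayer Intercept code. The policy dict layout, tool
# names and helpers are hypothetical; only min_length / max_length come from the page.
from dataclasses import dataclass

# Constructed policy: per-tool, per-argument bounds (limits taken from the page's text).
POLICY = {
    "write_file": {"path": {"min_length": 1, "max_length": 255}},
    "git_commit": {"message": {"min_length": 1, "max_length": 5000}},
}

@dataclass
class Decision:
    allowed: bool
    reasons: list

def evaluate(tool: str, args: dict, policy: dict = POLICY) -> Decision:
    """Check every constrained argument; deny if any bound is violated."""
    reasons = []
    for name, rule in policy.get(tool, {}).items():
        value = args.get(name)
        if not isinstance(value, str):
            # Design choice here: a missing or non-string value fails a string constraint.
            reasons.append(f"{name}: expected string, got {type(value).__name__}")
            continue
        n = len(value)  # assumption: "character" = Unicode code point
        if "min_length" in rule and n < rule["min_length"]:
            reasons.append(f"{name}: {n} chars < min_length {rule['min_length']}")
        if "max_length" in rule and n > rule["max_length"]:
            reasons.append(f"{name}: {n} chars > max_length {rule['max_length']}")
    return Decision(allowed=not reasons, reasons=reasons)

def byte_len(value: str) -> int:
    # What a byte-oriented downstream limit (for example a filesystem) would see.
    return len(value.encode("utf-8"))

# Constructed inputs.
ascii_name = "a" * 255                  # 255 characters, 255 bytes
wide_name = "\u00e9" * 255              # 255 characters, 510 bytes in UTF-8
long_msg = "fix: typo\n" + "x" * 5000   # 5010 characters, over the commit limit

if __name__ == "__main__":
    for tool, args in [("write_file", {"path": ascii_name}),
                       ("write_file", {"path": wide_name}),
                       ("write_file", {"path": ""}),
                       ("git_commit", {"message": long_msg})]:
        d = evaluate(tool, args)
        print(tool, "ALLOW" if d.allowed else "DENY", d.reasons)
```

The second input passes a 255-character limit while occupying 510 bytes, so a downstream system that enforces a byte limit still needs its own check.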