AI agents are graduating from answering questions to taking actions — booking trips, editing files, calling APIs, submitting forms. That shift creates a new failure class: not wrong answers, but wrong actions. A small gap between what the user meant and what the agent assumed can have real-world consequences. Malicious content on a webpage can hijack the agent entirely.
This session translates Human-Agent Communication research into a four-question checklist any team can apply today: Can-do (capabilities and limits), Plan (what it intends to do), Doing (what it's changing right now), Done (what happened, with proof). We'll map concrete patterns to each stage — capability declarations, pre-commit diffs, scoped permissions, evidence receipts — and show how they reduce both accidental and adversarial failures.

By the end, attendees will be able to::

- Identify communication gaps that cause unwanted agent actions
- Recognize and defend against prompt injection in agentic pipelines
- Apply the Can-do / Plan / Doing / Done framework to agent UX design
- Implement scoped permission and approval patterns
- Evaluate trust trade-offs when deploying action-taking agents