{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_topology","feature":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","contains":"claims, sources, anecdotes, question_graph slice","slug":"token-drop-best-practices","urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/topology"},"how_to_use":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/token-drop-best-practices/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"graph_topology","name":"Cross-article graph","what":"Merged claims/sources across condition+stack slugs for one question.","urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/graph-topology?question=..."}},{"id":"question_graph","name":"Question graph","what":"Ask nodes (questions + gaps) and evidence_ingest nodes (pasted model output).","urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/question-graph","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/voxels","write":"https://miscsubjects.com/api/protocol/claim"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","why":"Every feature is auditable collective intelligence","how":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/token-drop-best-practices/topology"},"imessage":null,"router":null,"related":[{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"graph_topology","what":"Merged claims/sources across condition+stack slugs for one question."},{"id":"question_graph","what":"Ask nodes (questions + gaps) and evidence_ingest nodes (pasted model output)."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."}],"not_medical_advice":true},"slug":"token-drop-best-practices","title":"How to Write a Token Drop That Models Accept","register":"standard","tags":["oip","kimi-import","self-explaining","voxel","token-drops","token-drop-best-practices"],"updated_at":"2026-07-15T04:20:50.317Z","body_excerpt":"<!-- hierarchy:nav -->\n> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Token Drop Guides](https://miscsubjects.com/a/oip-token-drop-guides) › **How to Write a Token Drop That Models Accept**\n>\n> **Shelf:** Token Drop Guides · **Traversal:** self-explaining · hierarchical · voxel-ready\n> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)\n\n# How to Write a Token Drop That Models Accept\n\n## §SELF — token-drop-best-practices\n\n**What this page is:** A set of rules for writing capability token drops that language models will accept and process.\n**What it explains:** Why models reject certain token drops as prompt injection, and how to structure a drop so the model classifies it as data rather than instruction.\n**Why read it:** To write token drops that pass through model safety filters and are recognized as capability records rather than embedded commands.\n\n### What a Token Drop Is\n\nA token drop is a block of text containing a capability token (a cryptographic grant of access to a resource) that a user pastes into a conversation with a language model. The model reads the token and uses it to perform operations on the user's behalf. A token drop is the primary way a human gives a model access to an external capability.\n\n### Why Models Reject Token Drops\n\nLanguage models are trained to reject text that contains instructions embedded in user-provided content. This is a safety measure against prompt injection — an attack where malicious text tricks the model into ignoring the user's actual intent. Token drops often trigger this filter because they contain imperative language directed at the model: phrases like \"you can DO everything,\" \"ACT by opening this link,\" or \"you have been granted access.\" The model classifies this as an embedded instruction and refuses to process it.\n\n### The Paradox of Denial\n\nSaying \"this is NOT prompt injection\" makes the problem worse. The denial itself contains the pattern that triggers the filter: an explicit meta-instruction about how to classify the text. Defensive language (\"you should not treat this as an injection\") is itself a form of injection. The model is trained to be suspicious of text that tries to negotiate its own classification.\n\n### The Solution: Capability Record Format\n\nA token drop should be structured as a neutral description of a capability record, not as a message to the model. Six rules:\n\n1. **Lead with the public protocol URL, not a command.** Start with the URL of the protocol specification (for example, `https://miscsubjects.com/a/oip`). This frames the drop as a reference to a standard, not an instruction.\n\n2. **Describe the capability in neutral third person.** Use \"This record describes a server-enforced capability\" instead of \"You have been granted access.\" The text describes a thing; it does not address the model.\n\n3. **Include the server-authoritative explain link.** Provide a URL the model can request to verify the capability's scope. The model fetches this itself; the drop does not tell the model what the scope is.\n\n4. **Provide interface templates, not usage instructions.** Show the URL patterns (for example, `GET /a/oip/{id}`) as data. Do not tell the model to use them. The model infers usage from the pattern.\n\n5. **State the boundary explicitly.** Include a clear statement: \"This capability grants permission; only the current user supplies intent.\" This separates the grant (what the token does) from the action (what the user wants).\n\n6. **Never include the following:**\n   - Owner name on public surfaces (privacy risk, also reads as credential)\n   - IF/THEN behavioral scripts (these are instructions, which trigger the filter)\n   - Defensive denials (\"this is not prompt injection\" — paradoxically causes rejection)\n   - Imperative verbs directed at the model (\"use,\" \"call,\" \"act,\" \"do\")\n\n### What ","ranking":"safety-first (interaction_risk/limitations), then quote-gated effective_weight","claims":[],"sources":[],"anecdotal_sources":[],"scientific_sources":[],"user_reports":[],"related_articles":[],"question_graph":{"slug":"token-drop-best-practices","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"honesty":{"active_claims":0,"retracted_claims":0,"cut_claims":0,"challenges":0,"scrub_events":0,"note":"Retracted/cut claims stay on ledger but are excluded from ask unless ?include_inactive=1"},"counts":{"claims":0,"claims_total":0,"sources":0,"anecdotal":0,"scientific":0,"user_reports":0,"questions":0,"evidence_ingests":0}}