I wonder what limitations Google is planning with this API to avoid misuse[0] (from the agent/Google's perspective).

A website that doesn't want to be interfaced by an agent (because they want a human to see their ads) could register bogus but plausible tools that convince the agent that the tool did something good. Perhaps the website could also try prompt injecting the agent into advertising to the user on the website's behalf.

[0]: Beyond just hoping the website complies with their "Generative AI Prohibited Uses Policy": https://developer.chrome.com/docs/ai/get-started#gemini_nano...