Part of #1195 — Phase 2 Apply sanitization to incoming A2A messages from external agents. **Crates**: zeph-a2a **Depends on**: SEC-1.4 **Tasks**: - [ ] Incoming A2A task messages tagged `ExternalUntrusted` with remote agent card URL as source - [ ] Apply `ContentSanitizer` in A2A server incoming message handler - [ ] Agent card trust allowlist in config (known agents can be elevated to `LocalUntrusted`) - [ ] Unit tests with mock A2A message containing injection payload **Files**: `crates/zeph-a2a/src/server.rs`
Part of #1195 — Phase 2
Apply sanitization to incoming A2A messages from external agents.
Crates: zeph-a2a
Depends on: SEC-1.4
Tasks:
ExternalUntrustedwith remote agent card URL as sourceContentSanitizerin A2A server incoming message handlerLocalUntrusted)Files:
crates/zeph-a2a/src/server.rs