Skip to content

[SEC-4.2] Tool call argument validation guard #1206

Closed
#1246
Closed
[SEC-4.2] Tool call argument validation guard#1206
#1246
Labels
priority/highHigh prioritysecuritySecurity-related issuesize/MMedium PR (51-200 lines)toolsTool execution and MCP integration
@bug-ops

Description

@bug-ops
bug-ops
opened on Mar 4, 2026

Part of #1195 — Phase 4

Detect when tool call arguments contain URLs or commands that originated from untrusted content rather than the user.

Crates: zeph-core, zeph-tools
Depends on: SEC-1.4, SEC-2.1

Tasks:

  • Track URLs and command strings seen in untrusted content (taint set)
  • Before tool execution: check if arguments contain tainted strings
  • If tainted: log tracing::warn!, require user confirmation (human-in-the-loop)
  • Config: [security.exfiltration_guard] validate_tool_urls = true
  • Unit tests: tool call with URL from web scrape result, tool call with clean URL

Files: crates/zeph-core/src/sanitizer/exfiltration.rs, crates/zeph-tools/src/audit.rs

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority/highHigh prioritysecuritySecurity-related issuesize/MMedium PR (51-200 lines)toolsTool execution and MCP integration

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions