Nice work on this. The token reduction side effect alone makes it worth dropping in.
I'm sure you are already thinking about other attack vectors, web fetch is one way injection gets in but agents have a lot more surfaces. User input, tool responses, memory, other agents in a chain.
I've been poking at handling this sanitization at the api call level and filtering everything. Definitely more latency w this approach, but essentially denying all.
Nice work on this. The token reduction side effect alone makes it worth dropping in.
I'm sure you are already thinking about other attack vectors, web fetch is one way injection gets in but agents have a lot more surfaces. User input, tool responses, memory, other agents in a chain.
I've been poking at handling this sanitization at the api call level and filtering everything. Definitely more latency w this approach, but essentially denying all.