Harden config tool reference validation

[RobertoLuzanilla]

Please ensure you have read the contribution guide before creating a pull request.

Link to Issue or Description of Change

1. Link to an existing issue (if applicable):

• Related: N/A

2. Or, if no issue exists, describe the change:

Problem:

YAML-based agent configurations already reject the args key because it can be used to pass arbitrary arguments to Python constructors or functions. However, unsafe Python callables can still be referenced without args, for example through a tool reference such as subprocess.run.

This can allow unsafe standard-library callables to be resolved and registered as configurable agent tools through YAML-based configuration paths.

Solution:

This PR hardens config validation by rejecting references to unsafe Python modules in YAML-based agent configurations.

The change centralizes blocked config validation in config_agent_utils.py and reuses it from the builder upload validation path. It also adds a defense-in-depth check in LlmAgent._resolve_tools() before importing user-defined tool references.

This is a defensive hardening change. It does not change the trusted-code model for Python-defined agents, but prevents unsafe standard-library references from being registered through YAML-based configuration paths.

Testing Plan

Unit Tests:

• I have added or updated unit tests for my change.
• All unit tests pass locally.

Ran the focused unit test file locally:

python -m pytest .\tests\unittests\agents\test_config_agent_utils.py

Added regression tests covering:

• rejection of blocked args keys
• rejection of blocked unsafe module references such as subprocess.run
• allowed non-blocked tool references

Passed locally:

python -m py_compile .\src\google\adk\agents\config_agent_utils.py
python -m py_compile .\src\google\adk\cli\fast_api.py
python -m py_compile .\src\google\adk\agents\llm_agent.py
python -m pytest .\tests\unittests\agents\test_config_agent_utils.py

Result:

3 passed, 2 warnings

Note: The warnings were local pytest configuration warnings about async pytest options and were not related to the added tests.

Manual End-to-End (E2E) Tests:

Manual E2E validation was not performed. This change is covered by focused unit tests for the shared config validation logic and by a defense-in-depth check in tool resolution.

Checklist

• I have read the CONTRIBUTING.md document.
• I have performed a self-review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have added tests that prove my fix is effective or that my feature works.
• New and existing unit tests pass locally with my changes.
• I have manually tested my changes end-to-end.
• Any dependent changes have been merged and published in downstream modules.

This PR is intentionally scoped as a small hardening change. It keeps existing Python-defined agent behavior unchanged while adding validation for YAML-based config paths and a defense-in-depth check before resolving user-defined tool references.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[adk-bot]

Response from ADK Triaging Agent

Hello @RobertoLuzanilla, thank you for your contribution!

Before we can merge this PR, could you please sign the Contributor License Agreement (CLA)? You can find more information at https://cla.developers.google.com/.

Also, for a change of this nature, it would be helpful to have an associated GitHub issue to track the problem and the fix. Could you please create an issue and link it to this PR?

Thank you!