Builder upload YAML validation can be bypassed

[TristanInSec]

The YAML validation in the builder upload endpoint does not fully restrict values that could resolve to arbitrary Python references at agent load time.

PR #5344 hardens the validation to reject these values.

[sanketpatil06]

Hi @TristanInSec , To help us better understand the issue, could you please provide the steps to reproduce it? Also, a minimal reproducible code would also be very helpful.
Thanks.

[TristanInSec]

The reproduction steps are in the companion PR #5344. In short:

1. Start the dev server in web mode: adk web agents/
2. Upload a YAML file with a dotted tool name via /builder/save:

   name: my_agent
   tools:
     - name: os.system

3. The YAML is accepted and written to disk. When the agent is loaded, os.system resolves through importlib.import_module() and becomes a callable tool the LLM can invoke with arbitrary arguments.

The PR adds validation that rejects dotted (fully qualified) Python references in name, agent_class, and code fields, while still allowing simple built-in names like google_search.

[sanketpatil06]

Hi @TristanInSec , Thanks for the clarification.

Your PR is currently under review. Our team is going over the new validation logic to ensure it covers all the necessary fields, and it will be merged once the review is complete and everything looks good.

Thanks for your contribution.