Part of #1195 — Phase 4

Detect when tool call arguments contain URLs or commands that originated from untrusted content rather than the user.

Crates: zeph-core, zeph-tools
Depends on: SEC-1.4, SEC-2.1

Tasks:

• Track URLs and command strings seen in untrusted content (taint set)
• Before tool execution: check if arguments contain tainted strings
• If tainted: log tracing::warn!, require user confirmation (human-in-the-loop)
• Config: [security.exfiltration_guard] validate_tool_urls = true
• Unit tests: tool call with URL from web scrape result, tool call with clean URL

Files: crates/zeph-core/src/sanitizer/exfiltration.rs, crates/zeph-tools/src/audit.rs