Context

zeph-mcp/src/sanitize.rs and zeph-core's ContentSanitizer both maintain independent sets of injection-detection regexes. These will drift over time as new patterns are added to one but not the other.

Action Required

Extract the injection-detection regex set into a shared location (e.g. zeph-core::security::patterns or a new minimal crate) and have both zeph-mcp and zeph-core depend on it. This ensures any new pattern is automatically available to both sanitization layers.

Severity

Low — maintenance risk, not an active vulnerability.