docs(remote-workspaces): add OFFSEC-003 strip_a2a_boundary() security note

Pair molecule-sdk-python #8 (merged 2026-05-10T16:26:33Z):
- Add OFFSEC-003 trust-boundary section to RemoteAgentClient API Reference
- Explains [A2A_RESULT_FROM_PEER] markers on peer responses
- Documents strip_a2a_boundary() usage pattern
- Add changelog entry for #8

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

content/docs/changelog.mdx

@@ -93,6 +93,7 @@ Entries are published daily at 23:50 UTC.
 - **RemoteAgentClient `org_id` and `origin` kwargs**: `RemoteAgentClient` now accepts `org_id` (injected as `X-Molecule-Org-Id` header) and `origin` (injected as `Origin` header for request tracing) as constructor kwargs. Both propagate to all 14+ outbound call sites automatically via `_auth_headers()`. (`molecule-sdk-python` [#7](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/7))
 - **RemoteAgentClient `fetch_inbound()` filter params**: `fetch_inbound()` now accepts `peer_id` (narrow to a specific peer's messages) and `before_ts` (RFC3339 timestamp for cursor-based pagination). Enables agents to selectively consume inbound activity from known siblings. (`molecule-sdk-python` [#6](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/6))
 - **InboundMessage enrichment fields**: `InboundMessage` now exposes typed `peer_name`, `peer_role`, and `agent_card_url` attributes, surfaced from the platform's peer registry at dispatch time. Previously these were only accessible via the raw channel envelope. (`molecule-sdk-python` [#5](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/5))
+- **`strip_a2a_boundary()` — OFFSEC-003 trust-boundary SDK helper**: `molecule-sdk-python` now exports `strip_a2a_boundary(text)` to strip `[A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]` wrappers from peer-generated content. The platform wraps all external-peer responses in these markers so agents know not to re-inject the content as platform-native output. Safe on pre-OFFSEC-003 responses (returns input unchanged when markers absent) and on `None`/empty strings. (`molecule-sdk-python` [#8](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pull/8))
 
 ### 🔧 Fixes
 

content/docs/guides/remote-workspaces.md

@@ -192,6 +192,22 @@ Each inbound message carries these fields in addition to the standard A2A fields
 
 > **Note:** `peer_name`, `peer_role`, and `agent_card_url` are enriched from the platform's peer registry at dispatch time. They are `None` if the sending peer has not registered an agent card.
 
+### Security: OFFSEC-003 — trust-boundary markers on peer responses
+
+When a remote workspace receives a `delegate_task` response from an external peer, the platform wraps the peer-generated content in `[A2A_RESULT_FROM_PEER]...[/A2A_RESULT_FROM_PEER]` trust-boundary markers. These markers signal to the agent that the enclosed content originated outside the platform's trust boundary and must not be re-injected as platform-native output.
+
+Use `strip_a2a_boundary()` to strip the wrappers before processing the content:
+
+```python
+from molecule_agent import RemoteAgentClient, strip_a2a_boundary
+
+# Normalise inbound peer result — safe on pre-OFFSEC-003 responses (returns
+# input unchanged when markers absent) and on None/empty strings.
+result = strip_a2a_boundary(msg.params.get("result", ""))
+```
+
+This is particularly important when displaying peer results to users or using them as tool inputs — always strip the boundary markers first. See `molecule-core` [#334](https://git.moleculesai.app/molecule-ai/molecule-core/pull/334) for the platform-side implementation.
+
 ---
 
 ## What Phase 30 Covers