Express

Missing payload size limits allow resource exhaustion

Severity: critical
Category: security
Updated: Jun 28, 2024 (via Exa)
Technologies: Express
How to detect:

Look for Express applications that mount `express.json()`, `express.urlencoded()`, `express.raw()`, `express.text()` or `body-parser` without a `limit` option, or that read the request stream themselves (`req.on('data', ...)`) without bounding the number of bytes accepted. Without a limit, a single client can send an arbitrarily large body, whether maliciously or by accident: the server buffers the whole payload in memory, and the synchronous parse that follows (for example `JSON.parse` on a multi-megabyte body) blocks the event loop for every other request on the process. Note that a check on the `Content-Length` header alone is not a limit, since chunked requests carry no such header and a client can declare a smaller size than it sends.

Recommended action:

Enforce hard limits on incoming payload sizes (3 MB recommended, to match the existing output limits). Configure the limit at the middleware level, before any body parsing runs, so that no parser ever sees an oversized body. Reject requests that exceed the limit with HTTP 413 (Payload Too Large); because the remainder of the body is left unread, close the connection after responding rather than letting the client keep streaming. The limit must apply both to the declared `Content-Length` and to the bytes actually received, so that chunked or mis-declared requests are cut off as soon as the running total passes the threshold. Apply the limit to both v2 and v3 task inputs.