a2a-knowledge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs clients to fetch and parse public Agent Cards (e.g., via the well-known URI https://{server_domain}/.well-known/agent-card.json and the "Get Extended Agent Card" flow described in SKILL.md/specification.md) and to act on declared capabilities, protocol bindings, extensions, and URLs from arbitrary remote agents—untrusted third‑party content that can materially change protocol behavior.