a2a-protocol
Warn
Audited by Snyk on Jun 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime path ingests outsider-authored free text when it fetches a user-supplied URL (e.g.,
page = await fetch(url)in the server example) and then passes that fetched page content into the LLM for summarization (llm.summarize(page)), where the fetched web page is public/third-party content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill calls fetch(url) at runtime (example input "https://example.com/paper") and passes the fetched page into llm.summarize(page), which directly injects remote content into the model context and can enable prompt injection.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata