ah-a2a
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill enables the transfer of local files to remote agents via the '--upload-file' flag. It also includes a '--base-url' flag in the 'ah chat' command, which permits the redirection of communication to arbitrary external servers.
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing the 'ah' CLI utility to interact with the A2A network.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and process outputs from remote agents.
  - Ingestion points: Responses from remote agents are received through 'ah call' and 'ah chat' commands (SKILL.md).
  - Boundary markers: No explicit delimiters are used to separate remote agent content from the local context.
  - Capability inventory: The agent can execute shell commands, upload files to remote targets, and write files to the local system.
  - Sanitization: There is no documentation of sanitization or filtering for data retrieved from the network.
Audit Metadata