a2a-authentication
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions require fetching the latest specifications and implementation samples from external web resources, including the a2a-protocol.org domain and GitHub search results for the a2aproject organization.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from the web.
- Ingestion points: Specification documents and search results from a2a-protocol.org and GitHub (SKILL.md).
- Boundary markers: None identified; the instructions do not include markers to separate documentation content from system instructions.
- Capability inventory: The agent is granted access to high-privilege tools, including Bash, Write, and Edit (SKILL.md), which could be targets for instructions embedded in external data.
- Sanitization: No sanitization or validation logic is specified for the content retrieved from external sources.
Audit Metadata