a2a-authentication

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions require fetching the latest specifications and implementation samples from external web resources, including the a2a-protocol.org domain and GitHub search results for the a2aproject organization.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from the web.
  • Ingestion points: Specification documents and search results from a2a-protocol.org and GitHub (SKILL.md).
  • Boundary markers: None identified; the instructions do not include markers to separate documentation content from system instructions.
  • Capability inventory: The agent is granted access to high-privilege tools, including Bash, Write, and Edit (SKILL.md), which could be targets for instructions embedded in external data.
  • Sanitization: No sanitization or validation logic is specified for the content retrieved from external sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — a2a-authentication