a2a-client

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation from https://a2a-protocol.org/latest/specification/ and to use web searches to find reference client implementations and SDK usage patterns on GitHub.
  • [COMMAND_EXECUTION]: The skill requires the use of the Bash tool to implement the client logic, which includes handling JSON-RPC messaging and agent discovery mechanisms.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it incorporates external data from protocol specifications and third-party agent cards into its operational context.
  • Ingestion points: SKILL.md (fetches protocol requirements from a2a-protocol.org and agent-card.json configuration files from untrusted agent URLs).
  • Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or treats instructions found in external documents as data rather than directives.
  • Capability inventory: SKILL.md (the agent has access to Bash, Write, Edit, Read, WebSearch, and WebFetch tools, which could be exploited if malicious instructions are processed from the ingested data).
  • Sanitization: Absent. The skill does not mandate validation or sanitization of the fetched JSON-RPC parameters or agent card metadata before they are used to configure the client's behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — a2a-client