a2a-client
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation from
https://a2a-protocol.org/latest/specification/and to use web searches to find reference client implementations and SDK usage patterns on GitHub. - [COMMAND_EXECUTION]: The skill requires the use of the
Bashtool to implement the client logic, which includes handling JSON-RPC messaging and agent discovery mechanisms. - [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection because it incorporates external data from protocol specifications and third-party agent cards into its operational context.
- Ingestion points:
SKILL.md(fetches protocol requirements froma2a-protocol.organdagent-card.jsonconfiguration files from untrusted agent URLs). - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or treats instructions found in external documents as data rather than directives.
- Capability inventory:
SKILL.md(the agent has access toBash,Write,Edit,Read,WebSearch, andWebFetchtools, which could be exploited if malicious instructions are processed from the ingested data). - Sanitization: Absent. The skill does not mandate validation or sanitization of the fetched JSON-RPC parameters or agent card metadata before they are used to configure the client's behavior.
Audit Metadata