a2a-dev-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations to fetch external documentation from a2a-protocol.org and search engines using WebFetch and WebSearch tools, which targets non-whitelisted domains.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted external data while maintaining access to powerful system tools.\n
- Ingestion points: Documentation is retrieved from https://a2a-protocol.org/latest/specification/ and web search results are processed at runtime.\n
- Boundary markers: Absent; the skill lacks instructions for the agent to separate or ignore instructions that may be embedded in fetched external content.\n
- Capability inventory: The skill defines access to Bash, Write, and Edit tools in SKILL.md, allowing for significant system interaction.\n
- Sanitization: No validation, escaping, or filtering of the retrieved external content is performed.
Audit Metadata