a2a-dev-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch external documentation from a2a-protocol.org and search engines using WebFetch and WebSearch tools, which targets non-whitelisted domains.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted external data while maintaining access to powerful system tools.\n
  • Ingestion points: Documentation is retrieved from https://a2a-protocol.org/latest/specification/ and web search results are processed at runtime.\n
  • Boundary markers: Absent; the skill lacks instructions for the agent to separate or ignore instructions that may be embedded in fetched external content.\n
  • Capability inventory: The skill defines access to Bash, Write, and Edit tools in SKILL.md, allowing for significant system interaction.\n
  • Sanitization: No validation, escaping, or filtering of the retrieved external content is performed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — a2a-dev-patterns