a2a-push-notifications

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No behavioral overrides, safety bypasses, or instructions to ignore previous rules were found. The skill uses benign instructional language.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials or attempts to access sensitive local files (e.g., SSH keys, env files) were detected.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill does not perform package installations or remote script execution. It fetches technical documentation from specified URLs (a2a-protocol.org and GitHub), which is appropriate for the skill's purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests data from external sources. * Ingestion points: Technical specifications and search results are fetched via WebFetch and WebSearch (SKILL.md). * Boundary markers: No delimiters or warnings are specified to separate external content from internal instructions. * Capability inventory: The skill has access to Bash, Write, and Edit tools (SKILL.md). * Sanitization: No sanitization or validation of the fetched external documentation is described. This surface is considered a low risk inherent to web-browsing capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — a2a-push-notifications