a2a-setup
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to fetch and process content from external URLs (a2a-protocol.org) and search results (GitHub) which is then used to perform sensitive actions like file writing and command execution.\n
- Ingestion points: WebFetch calls to protocol specifications and WebSearch queries for SDK READMEs in SKILL.md.\n
- Boundary markers: The instructions do not include specific delimiters or warnings to ignore instructions embedded within the fetched external data.\n
- Capability inventory: The skill utilizes Write, Bash, and Edit tools to create and modify the project structure.\n
- Sanitization: There is no evidence of sanitization or validation of the fetched external content before it is processed by the agent to generate code or execute commands.\n- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and configuration details from a2a-protocol.org and GitHub repositories. These are legitimate resources necessary for the skill's intended purpose of project scaffolding and originate from well-known or protocol-specific sources.
Audit Metadata