a2a-streaming
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to fetch and follow documentation from an external URL (https://a2a-protocol.org/latest/specification/). This introduces a surface for indirect prompt injection, as the agent is directed to incorporate external, potentially untrusted content into its execution context.
- Ingestion points: SKILL.md instructs fetching documentation from an external URL and performing web searches.
- Boundary markers: Absent. No instructions are provided to the agent to treat the fetched content as data only or to ignore embedded instructions.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit.
- Sanitization: Absent. There is no validation or sanitization step for the content fetched from the external source.
Audit Metadata