a2a-task-lifecycle
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the processing of task objects which include messages and state history from external client agents, creating an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the agent context through the 'messages' and 'metadata' fields of the Task object, as well as via the
message/sendandmessage/streamendpoints described in SKILL.md. - Boundary markers: The instructions lack any requirement for delimiters or specific system messages to help the agent distinguish between task data and its own core instructions.
- Capability inventory: The skill allows the use of powerful tools including
Bash,WebFetch,WebSearch, and file system access (Read,Write,Edit), increasing the potential impact of a successful injection. - Sanitization: There are no procedures defined for validating or sanitizing the content of task messages before they are processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation and search for implementation examples from external sources to guide its work.
- Evidence: Fetches the specification from
https://a2a-protocol.org/latest/specification/and searchesgithub.com/a2aprojectfor task handling samples. - Context: These operations are intended for documentation retrieval and do not involve the direct execution of remote code or scripts.
Audit Metadata