a2a-task-lifecycle

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill facilitates the processing of task objects which include messages and state history from external client agents, creating an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the agent context through the 'messages' and 'metadata' fields of the Task object, as well as via the message/send and message/stream endpoints described in SKILL.md.
  • Boundary markers: The instructions lack any requirement for delimiters or specific system messages to help the agent distinguish between task data and its own core instructions.
  • Capability inventory: The skill allows the use of powerful tools including Bash, WebFetch, WebSearch, and file system access (Read, Write, Edit), increasing the potential impact of a successful injection.
  • Sanitization: There are no procedures defined for validating or sanitizing the content of task messages before they are processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch documentation and search for implementation examples from external sources to guide its work.
  • Evidence: Fetches the specification from https://a2a-protocol.org/latest/specification/ and searches github.com/a2aproject for task handling samples.
  • Context: These operations are intended for documentation retrieval and do not involve the direct execution of remote code or scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 07:32 AM
Security Audit — agent-trust-hub — a2a-task-lifecycle