ap2-a2a-extension
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves protocol specifications from ap2-protocol.org, which is an external domain not included on the trusted vendors list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external web sources. Ingestion points: SKILL.md (instructions to fetch documentation and search GitHub). Boundary markers: Absent; there are no instructions to isolate or verify external content. Capability inventory: SKILL.md enables Bash, Write, and Edit tools, allowing potential misuse if external data contains malicious instructions. Sanitization: Absent; no validation methods are provided for the fetched data.
- [COMMAND_EXECUTION]: The skill enables the Bash tool. Although no malicious command sequences are specified, the presence of shell access in an environment that processes external data increases the attack surface.
Audit Metadata