a2a-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the client to fetch live third-party resources (e.g., https://a2a-protocol.org/latest/specification/, web-search GitHub for SDKs, and fetching arbitrary target agent Agent Cards at {base_url}/.well-known/agent-card.json), which the agent must read and use to decide routing and actions, exposing it to untrusted user-generated/open-web content that could inject instructions.