a2a-dev-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches protocol specifications from https://a2a-protocol.org/latest/specification/ and performs web searches to find reference architectures and community patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites and search results.
    • Ingestion points: Data enters the agent context through WebFetch (from a2a-protocol.org) and WebSearch (community patterns) as directed in SKILL.md.
    • Boundary markers: Absent; there are no instructions to use delimiters or ignore instructions found within the fetched content.
    • Capability inventory: The agent has access to sensitive tools including Bash, Write, and Edit, which could be misused if the fetched data contains malicious instructions.
    • Sanitization: No validation or sanitization of the external content is described before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 06:09 AM