a2a-jsonrpc-transport

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Before writing code" steps explicitly instruct fetching live public docs (https://a2a-protocol.org/latest/specification/, https://www.jsonrpc.org/specification, a web-search of site:github.com a2aproject, and SDK docs), so the agent would ingest untrusted third-party web content that can influence implementation and subsequent tool use.