a2a-messages-parts

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol specification and schemas from external sources including https://a2a-protocol.org/latest/specification/ and GitHub.
  • [PROMPT_INJECTION]: The skill provides instructions for parsing and processing external message parts, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: Untrusted data enters the agent context via TextPart content and FilePart URIs.
  • Boundary markers: There are no instructions for implementing delimiters or boundary markers to isolate untrusted message content from the system prompt.
  • Capability inventory: The skill environment allows high-privilege tools such as Bash, Write, and Edit.
  • Sanitization: The instructions lack any requirement for validating or sanitizing the content of message parts before they are processed or used in tool execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 06:09 AM
Security Audit — agent-trust-hub — a2a-messages-parts