a2a-messages-parts
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch protocol specification and schemas from external sources including
https://a2a-protocol.org/latest/specification/and GitHub. - [PROMPT_INJECTION]: The skill provides instructions for parsing and processing external message parts, which creates a surface for indirect prompt injection attacks.
- Ingestion points: Untrusted data enters the agent context via
TextPartcontent andFilePartURIs. - Boundary markers: There are no instructions for implementing delimiters or boundary markers to isolate untrusted message content from the system prompt.
- Capability inventory: The skill environment allows high-privilege tools such as
Bash,Write, andEdit. - Sanitization: The instructions lack any requirement for validating or sanitizing the content of message parts before they are processed or used in tool execution.
Audit Metadata