a2a-multi-turn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Before writing code" section explicitly instructs the agent to fetch https://a2a-protocol.org/latest/specification/ and to web-search GitHub repos (site:github.com a2aproject ...) — both open/public third‑party sources whose content the agent is expected to read and use to guide implementation, which could include untrusted user-generated instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching https://a2a-protocol.org/latest/specification/ at runtime to obtain the multi-turn/input-required rules that would directly control agent prompts and behavior, making it a required external dependency.