a2a-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Before writing code" steps explicitly direct the agent to fetch live, public documentation and GitHub search results (e.g., https://a2a-protocol.org/latest/specification/ and site:github.com a2aproject / a2a-samples), meaning the agent will ingest and act on untrusted third-party, user-controlled content that can materially influence implementation decisions and tool use.