a2a-task-lifecycle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Before writing code" steps explicitly direct the agent to fetch live docs from https://a2a-protocol.org/latest/specification/ and to web-search GitHub (site:github.com a2aproject ...), i.e., public third-party sources whose content the agent is expected to read and which can materially influence implementation and subsequent actions.