a2a-testing
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill contains legitimate instructions for software testing and protocol conformance without any detected malicious intent or obfuscation.
- [DATA_EXFILTRATION]: The skill uses WebFetch to retrieve protocol specifications from a2a-protocol.org and WebSearch to find community examples on GitHub. These network operations are essential for the primary purpose of the skill and do not involve access to or exfiltration of sensitive local data.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is instructed to process external documentation and search results. 1. Ingestion points: WebFetch (protocol specification) and WebSearch (GitHub) in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, and Edit tools. 4. Sanitization: Absent. While these factors create a vulnerability to external instructions, the behavior is associated with the intended purpose of testing against remote specifications.
- [NO_CODE]: The skill does not include any executable scripts, providing only markdown-based instructions for the agent.
Audit Metadata