agent-mesh-a2a
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing the
agent-meshCLI tool to perform network discovery, authentication, and agent invocation. - [EXTERNAL_DOWNLOADS]: Instructs the user to install the
@annals/agent-meshpackage from the npm registry, which is a resource owned by the skill's author. - [DATA_EXFILTRATION]: Provides capabilities for transferring local files to remote agents via WebRTC P2P using the
--upload-fileflag. While a functional feature, this represents a risk surface for the exposure of sensitive local data to external entities. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its agent-to-agent chaining design.
- Ingestion points: Untrusted data enters the agent context through the outputs of the
agent-mesh callandagent-mesh chatcommands, specifically within the automated pipeline examples inSKILL.md. - Boundary markers: The provided examples do not use delimiters or instructions to ignore embedded commands when interpolating results from one agent into the task description of another.
- Capability inventory: The skill utilizes subprocess execution of the CLI and shell-level data manipulation (
cat, variable interpolation). - Sanitization: There is no evidence of sanitization or validation of the text returned by remote agents before it is passed to subsequent prompts.
Audit Metadata