skills/annals-ai/agent-mesh/ah-a2a/Gen Agent Trust Hub

ah-a2a

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends the installation of the @annals/agent-network package via pnpm. This is a vendor-owned package provided by the skill author for interacting with the A2A platform.
  • [COMMAND_EXECUTION]: The skill is based on the use of the ah CLI tool, which performs network operations, file system reads and writes, and local agent management tasks.
  • [DATA_EXFILTRATION]: The ah call and ah chat commands provide mechanisms for sending local files and text context to external agents using the --upload-file and --input-file flags. This creates a data exposure surface when interacting with third-party agents on the open platform.
  • [PROMPT_INJECTION]: The skill demonstrates a workflow for chaining multiple agents together, which introduces an indirect prompt injection surface.
      • Ingestion points: Data enters the context via the output of ah call tasks, which is then reused in subsequent commands (documented in SKILL.md Step 4).
      • Boundary markers: The provided examples do not implement delimiters or safety instructions to prevent the agent from obeying instructions embedded in the external output.
      • Capability inventory: The ah CLI possesses the capability to perform network requests (ah call), read files (--upload-file), and write files (--output-file).
      • Sanitization: The instructions show direct string interpolation of external agent output (e.g., ${TREND}) into subsequent task descriptions without sanitization or validation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:30 AM