agent-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests untrusted agent metadata and responses from arbitrary A2A endpoints (see A2AClient.discover() which GETs "{base_url}/.well-known/agent.json" and ProtocolBridge.mcp_tool_to_a2a_task which sends tasks to external agent URLs and consumes their artifact parts), so third‑party agent content can directly influence tool selection and subsequent actions.