agent-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows an A2A client that fetches agent cards from arbitrary base URLs (discover() calling {base_url}/.well-known/agent.json) and a ProtocolBridge that sends tasks to external A2A agents and ingests their artifacts/text parts, so untrusted third‑party agent content can be fetched and directly influence tool selection and subsequent actions.