Skills
skills/delexw/claude-code-misc/a2a-js-dev/Gen Agent Trust Hub

a2a-js-dev

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides users to install the @a2a-js/sdk and related dependencies (express, @grpc/grpc-js) via npm. These are vendor-owned resources and standard industry libraries required for the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill architecture facilitates the processing of untrusted external data, creating a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the userMessage object within the AgentExecutor.execute method in SKILL.md.
  • Boundary markers: The code examples provided do not demonstrate the use of delimiters or 'ignore' instructions for the processed content.
  • Capability inventory: The executor logic (as described in SKILL.md) is intended to call AI models and run tools based on the incoming message content.
  • Sanitization: The implementation patterns shown do not include input validation or sanitization, relying on the developer to implement these safety measures.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 07:54 AM