adk-deployment-specialist

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/test-a2a-protocol.py programmatically retrieves a Google Cloud access token via the gcloud auth print-access-token command. This token is subsequently included in the Authorization header of network requests made to a user-supplied URL. This design allows for the transmission of sensitive credentials to any remote endpoint, posing a critical exfiltration risk if a malicious URL is provided.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and shell scripts to perform operations. The scripts/deploy-agent.sh script is vulnerable to command injection because it interpolates unsanitized shell variables (such as AGENT_DIR) directly into a Python execution string (python3 -c "..."). A malicious input could break out of the string context to execute arbitrary code. The script scripts/test-a2a-protocol.py also executes shell commands via subprocess.run to interact with the GCP CLI.
  • [CREDENTIALS_UNSAFE]: The skill's automated tests are designed to fetch and utilize active session credentials (GCP access tokens) from the local environment. While intended for testing the A2A protocol, this programmatic access to long-lived or session-based tokens increases the attack surface for credential theft.
  • [EXTERNAL_DOWNLOADS]: The deployment script scripts/deploy-agent.sh automatically fetches and installs Python packages (google-cloud-aiplatform, google-adk) from public registries using pip if they are not already present in the environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 8, 2026, 08:45 AM