adk-deployment-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses AgentCard and A2A task responses from arbitrary deployed agent endpoints (e.g., validating /.well-known/agent-card and POSTing to /tasks/send as shown in SKILL.md step 5, references/how-it-works.py discover_agent/send_task examples, and scripts/test-a2a-protocol.py), meaning untrusted third-party agent-provided JSON is read and used to drive discovery and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The test script (scripts/test-a2a-protocol.py) makes runtime HTTP calls to a user-supplied agent URL (e.g., https://my-agent-xyz.run.app) — fetching /.well-known/agent-card and POSTing JSON‑RPC tasks to /tasks/send — which will cause the remote agent to execute tasks/logic, so contacting arbitrary external agent endpoints at runtime can directly trigger remote code execution or control agent behavior.