adk-deployment-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md step 5) and included test script (scripts/test-a2a-protocol.py) explicitly fetch and parse untrusted public endpoints (e.g., the deployed agent's /.well-known/agent-card and /v1/tasks:send and status APIs) and use those responses to validate behavior and drive subsequent actions, so third‑party content can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The test and example code call deployed A2A agent endpoints at runtime (e.g., https://gcp-deployer-agent-xyz.run.app/v1/tasks:send) with payloads that enable code execution, so the skill uses that external URL during runtime to submit prompts/tasks that can trigger remote code execution.