a2a-protocol

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The content includes an unsafe eval(user_input) in the calculator example which enables remote code execution from user-supplied input (high-risk); there are no obvious signs of covert exfiltration, credential theft, obfuscation, or supply-chain tampering elsewhere in the material.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches agent cards from arbitrary agent URLs using A2ACardResolver.get_agent_card() (reading /.well-known/agent-card.json) and consumes messages/events via A2AClient.send_message and streaming, so it ingests untrusted third-party content that the agent will read and interpret.