a2a-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's specification explicitly requires A2A clients to fetch and parse external Agent Cards (e.g., spec-05: "GET https://{server}/.well-known/agent-card.json") and to send/receive messages, SSE streams, and artifacts from remote agent endpoints (spec-07/spec-09), meaning the agent will ingest and act on arbitrary, public third-party content (AgentCards, message parts, artifact URIs) that could carry indirect prompt-injection instructions.