google-adk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's A2A quickstart and examples (e.g., reference/a2a/quickstart-consuming-python.md and quickstart-consuming-go.md) show the agent fetching and using remote agent cards and endpoints (AgentCardSource / http://.../.well-known/agent-card.json and RemoteA2aAgent agent_card URLs) so it ingests and acts on content from external, potentially untrusted third-party services.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill creates RemoteA2aAgent instances that fetch a remote agent card at runtime (e.g., the Python example uses the AgentCard URL f"http://localhost:8001/a2a/check_prime_agent{AGENT_CARD_WELL_KNOWN_PATH}"), and that fetched agent-card JSON controls the remote agent's instructions/skills, so this is a runtime external dependency that can directly control prompts/behavior.