Skills
skills/pjt222/development-guides/test-a2a-interop/Gen Agent Trust Hub

test-a2a-interop

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches an Agent Card (JSON) from a remote URL (https://agent.example.com/.well-known/agent.json) to validate protocol conformance. This is a standard part of the A2A discovery mechanism.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute curl for downloading the configuration file. The commands are defined within the procedural steps and use placeholder or user-provided URLs.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface as it processes descriptive text and metadata from externally-hosted Agent Cards. 1. Ingestion points: agent-card.json (Step 1.1). 2. Boundary markers: Absent; the skill parses the JSON and iterates through fields directly. 3. Capability inventory: Bash, WebFetch, Read, Write, Edit, Grep, Glob. 4. Sanitization: No explicit sanitization of field content is performed before logging or report generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 07:15 AM