test-a2a-interop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses an external Agent Card from a user-supplied base URL (e.g., Step 1: curl https://agent.example.com/.well-known/agent.json) and then uses fields and example phrases from that untrusted agent plus SSE/task responses as inputs to drive test actions, so third-party content can directly influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches the Agent Card at runtime (https://agent.example.com/.well-known/agent.json) and then uses its skill entries/examples (e.g., skillExamples[0]) to construct task messages, so remote content can directly control prompts and is a required dependency.