a2a-protocol

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions include installing a2a-sdk for Python and @a2a-js/sdk for Node.js. These are functional dependencies for the protocol described and align with the vendor's specialized domain.
  • [PROMPT_INJECTION]: The skill implementation creates a surface for indirect prompt injection as it processes and acts upon external message content without demonstrating sanitization or boundary markers.
      • Ingestion points: Untrusted external data is ingested via context.get_user_message() in Python and context.getUserMessage() in Node.js within the SKILL.md code examples.
      • Boundary markers: The provided examples do not use delimiters or specific safety instructions to isolate external messages from the agent's internal reasoning.
      • Capability inventory: The logic includes capabilities for web searching and multi-agent orchestration, which are triggered based on the content of these external messages.
      • Sanitization: No content validation, escaping, or sanitization logic is present in the server execution handlers provided in the documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 04:20 PM