a2a-mcp-integration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The setup scripts (
install-python-integration.sh,install-typescript-integration.sh) install necessary dependencies from standard registries. Python packages includea2a-protocol,mcp-sdk, andpython-dotenv. Node.js packages include@a2a/protocol,@modelcontextprotocol/sdk, anddotenv. These are appropriate for the skill's stated purpose of protocol integration. - [CREDENTIALS_UNSAFE] (SAFE): The authentication template (
auth-hybrid-template.txt) and environment files use descriptive placeholders (e.g.,your_a2a_key_here) and include explicit comments warning against committing real secrets. Use of environment variables for API keys is consistent with security best practices. - [COMMAND_EXECUTION] (SAFE): Shell scripts are utilized for environment setup, version checking, and local validation. No instances of arbitrary or unsanitized command execution from external sources were found. Heredoc usage in validation scripts is static and benign.
- [DATA_EXFILTRATION] (SAFE): Network activity is restricted to the protocols being integrated (A2A and MCP). The skill does not access sensitive local files (e.g., SSH keys, AWS credentials) for external transmission.
- [INDIRECT_PROMPT_INJECTION] (LOW): The templates define data ingestion points where agents receive parameters from other agents or tool outputs (e.g.,
task.paramsincoordinator-worker-pattern.py). - Ingestion points:
WorkerAgent.execute_task,ApplicationLayer.processResearchRequest. - Boundary markers: Absent in these boilerplate templates.
- Capability inventory: MCP tool execution (capable of web/database operations).
- Sanitization: Not implemented in templates; however, this is a standard architecture for agentic systems rather than a malicious implementation.
Audit Metadata