Security audit

A2A Agent Protocol

Security checks across malware telemetry and agentic risk

Overview

This A2A helper is mostly a protocol guide, but its optional mock server exposes a network service and can forward task data to arbitrary webhook URLs, so it needs review before use.

Install only if you intend to connect agents over A2A. Treat task text, files, metadata, callback URLs, and artifacts as data that may be sent to remote agents. If using the mock server, run it only in a trusted local environment, prefer loopback-only binding, avoid sensitive task content, and do not accept webhook or push-provider URLs from untrusted callers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README promotes sending tasks to remote agents, streaming updates, and subscribing to push notifications, but it does not clearly warn that prompts, task content, metadata, or artifacts may be transmitted to third-party systems. In an agent skill, this omission can lead users or higher-level agents to share sensitive business data with remote endpoints without informed consent, especially because the skill is explicitly designed for cross-agent communication.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill describes registering webhook callbacks and accepting `tasks/push` payloads from remote agents, but it does not warn that this exposes a callback endpoint to untrusted remote input. Without explicit caution, users may unintentionally open an externally reachable endpoint, accept spoofed or malicious payloads, or leak internal service URLs.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The mock-server mode starts a local HTTP server on a listening port but does not clearly warn the user that a new service will be exposed on the host. Even if intended for local testing, this can widen the attack surface if bound broadly, run on a shared machine, or used in environments with permissive networking.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The server accepts a user-supplied `pushProviderUrl` and performs an outbound POST containing task data to that arbitrary destination. This creates a server-side request forgery (SSRF) and data-exfiltration primitive: an attacker can cause the server to connect to internal or attacker-controlled endpoints and leak task contents, which is more concerning in an agent-integration context where tasks may carry structured, sensitive data.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: references/quickstart.md:83