Hi there (I work on a2a) - can you explain the concern a bit more? We'd be happy to look.
A2A is a conduit for agents to speak in their native modalities. From the receiving agent implementation point of view, there shouldn't be a difference in "speaking" to a user/human-in-the-loop and another agent. I'm not aware of anything in the protocol that is sensitive to the content. A2A has 'Messages' and 'Artifacts' to distinguish between generated content and everything else (context, thoughts, user instructions, etc) and should be robust to formatting challenges (since it relies on the underlying agent).
Some of the research I want to show you is, although technically public, very relevant for malware development, especially in worming payloads that are spread by exposed agents to other exposed agents. It's not secret information but I don't want to make it easy for script kiddies to skip 4+ years of studying engineering and the associated learning about ethics. Can I contact you directly in some way? Thanks.
A2A is a conduit for agents to speak in their native modalities. From the receiving agent implementation point of view, there shouldn't be a difference in "speaking" to a user/human-in-the-loop and another agent. I'm not aware of anything in the protocol that is sensitive to the content. A2A has 'Messages' and 'Artifacts' to distinguish between generated content and everything else (context, thoughts, user instructions, etc) and should be robust to formatting challenges (since it relies on the underlying agent).