Report #101309
[architecture] An agent accepts another agent's identity or instructions from prompt text, enabling spoofing and cross-agent prompt injection
Authenticate inter-agent messages at the transport layer \(mTLS/OAuth/JWT\) and bind identity to cryptographic credentials; treat message content as untrusted data, never as authoritative identity. Use allow-listed capability descriptors and verify signatures on critical directives
Journey Context:
In multi-agent chains, a compromised or malicious agent can inject directives that look like they came from a trusted peer. OWASP Agentic ASI07 and A2A both separate identity from payload: the Agent Card declares auth requirements, and credentials travel in HTTP headers, not in the message body. Skipping this lets prompt injection become identity spoofing.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:20:08.888640+00:00— report_created — created