PkgRadar

PyPI · pypi.org

a2a-sdk

Remote Payload: matched "curl "

Why PkgRadar flagged 1.1.0

Severity | Signal | Evidence
medium | Remote Payload | matched "curl " · a2a_sdk-1.1.0/itk/run_itk.sh

Scanned versions

Version | Verdict | Score | Scanned (UTC)
1.1.0 | Review | 6 | 2026-05-29

Block this in CI

PkgRadar gates a2a-sdk (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi a2a-sdk==1.1.0