Is A2A / Agent2Agent Protocol safe to use?

A2A / Agent2Agent Protocol has an HVTrust score of 89.3/100 (Grade A), ranked #13 of 206 open-source AI projects. This score reflects verifiable supply-chain integrity, transparency, maintenance, and adoption signals.

What is the trust score for A2A / Agent2Agent Protocol?

A2A / Agent2Agent Protocol scores 89.3/100 on HVTracker's evidence-weighted HVTrust scale. It has 24.1k GitHub stars and is categorized under Protocols & Tool Integration.

A2A / Agent2Agent Protocol

google/A2A

Agent2Agent (A2A) is an open protocol enabling communication and interoperability between opaque agentic applications.

Protocols & Tool Integration Shell Grade A Listed Apache-2.0

Compare Compare saved agents Track this agent Suggest correction

Listing state

Listed

HVTrust

89.3/100 · Grade A

Last push

2026-06-04 · 0d ago

Recent change

HVTrust +6

Quick Trust Read

Verdict

Strong public trust posture, backed by multiple independent signals.

89.3/100 · Grade A

Strongest Signal

Identity / Provenance

18.0/18

Weakest Signal

Maintenance

16.6/20

What Would Improve It

Improve maintenance to lift the weakest part of the trust profile.

Recent Changes

2026-05-29

HVTrust Changed

HVTrust up 10.2pts (75.2 → 85.4)

2026-05-28

Rank Moved

Rank rose 40 spots (#59 → #19)

2026-05-28

HVTrust Changed

HVTrust up 5.9pts (69.3 → 75.2)

Maintainer Checklist

Keep signals current Trust posture is already in a healthy range. The main job is to keep provenance, maintenance, and public evidence fresh.

Compare with MCP Registry Track A2A / Agent2Agent Protocol View Protocols & Tool Integration Report missing data

81.4

Activity Score · out of 100

89.3

HVTrust Score · out of 100

#13

Global Rank · of 206

In Protocols & Tool Integration

How to read this: HVTrust (0–100) weighs supply-chain signals (provenance, OSSF Scorecard, signed commits, open license) alongside real-world adoption. Grade A reflects the trust score band: A ≥ 80, B ≥ 65, C ≥ 50, D < 50. Full methodology →

Rank Trend

2026-05-25 2026-06-04

Activity & Reach

Stars

24.1k

Forks

2.4k

Last Push

2026-06-04

today

Commits (4 wk)

Downloads (7d)

2,628,077

pypi

HN mentions (30d)

Open Issues

278

Rank Change

▲3

was #16

Analysis

HVTrust Dimensions

89.3 / 100 · 100.0% confidence

Safety / IntegrityOSSF, provenance, signatures

21.2 / 25

Identity / ProvenanceListing and build link

18.0 / 18

TransparencyLicense and public checks

14.4 / 17

MaintenanceFreshness and commits

16.6 / 20

AdoptionStars and downloads

19.1 / 20

Activity Inputs

81.4 / 100

StarsRepository reach

26.3 / 30

FreshnessLast push recency

25.0 / 25

ActivityRecent commits

14.3 / 25

CommunityFork signal

15.8 / 20

Supply Chain Trust

Package Provenance

Verified

pypi attestation

OSSF Scorecard

7.0 / 10

via deps.dev · OpenSSF

Signed Commits

99%

of last 100 commits verified

Binary-Artifacts 10

Branch-Protection 8

CI-Tests 9

CII-Best-Practices 0

Code-Review 9

Contributors 10

Dangerous-Workflow 10

Dependency-Update-Tool 10

Fuzzing 0

License 10

Maintained 10

Packaging -1

Pinned-Dependencies 0

SAST 0

Security-Policy 9

Signed-Releases -1

Token-Permissions 0

Vulnerabilities 10

Is A2A / Agent2Agent Protocol safe?

Public supply-chain signals for A2A / Agent2Agent Protocol are strong: it has multiple independent trust indicators in place. This does not replace your own security review, but A2A / Agent2Agent Protocol carries less obvious unverified-evidence risk than projects with thin signals.

Does A2A / Agent2Agent Protocol publish package provenance?

Yes. A2A / Agent2Agent Protocol's package releases carry build provenance attestations, which cryptographically link the published package back to its source repository and CI workflow.

Does A2A / Agent2Agent Protocol have an OpenSSF Scorecard?

A2A / Agent2Agent Protocol has an OpenSSF Scorecard score of 7.0/10. The Scorecard checks for branch protection, signed releases, dependency updates, fuzzing, code review, and other supply-chain hygiene items. See the full check breakdown on this page.

Is A2A / Agent2Agent Protocol actively maintained?

Actively maintained. The repository was pushed to within the last 1 day(s).

What license does A2A / Agent2Agent Protocol use?

A2A / Agent2Agent Protocol ships under Apache-2.0. A declared, OSI-approved license is one of the transparency signals HVTrust scores.

Are A2A / Agent2Agent Protocol's commits signed?

99% of the last 100 commits to A2A / Agent2Agent Protocol are verified-signed (GPG, SSH, S/MIME, or GitHub's signing flow). Signed commits help confirm that code was authored by who the commit claims.

Not a safety endorsement. HVTracker describes what public signals show, not whether a project is safe for your use case. Run your own security review before adopting in production.

Compare A2A / Agent2Agent Protocol head-to-head

A2A / Agent2Agent Protocol vs MCP Registry → A2A / Agent2Agent Protocol vs Model Context Protocol / MCP →

Runtime trust — coming soon

HVTrust currently scores supply-chain signals. We're adding runtime trust next: what an agent actually does when it runs — what it can reach, which tools it carries, what external services it depends on. Track progress on the roadmap →

MCP support
Tool / plugin surface
External service deps
Package provenance drift

Maintain A2A / Agent2Agent Protocol?

HVTrust scores A2A / Agent2Agent Protocol from public signals only — we never contact maintainers first. If a signal is wrong, stale, or missing (provenance you publish, a Scorecard you run, signed releases), tell us and we'll review it. Corrections are public and tracked on GitHub.

Submit a correction → Add the trust badge

Reputation Timeline

2026-05-29

HVTrust Changed

HVTrust up 10.2pts (75.2 → 85.4)

2026-05-28

Rank Moved

Rank rose 40 spots (#59 → #19)

2026-05-28

HVTrust Changed

HVTrust up 5.9pts (69.3 → 75.2)

2026-05-28

Activity Score Changed

Activity score up 12pts (67 → 78)

2026-05-27

Scorecard Added

OSSF Scorecard: 6.8/10

2026-05-27

HVTrust Changed

HVTrust up 23.8pts (45.5 → 69.3)

2026-05-25

Newly Listed

First tracked at rank #60

GitHub → PyPI: a2a-sdk

Embed Badge Badge guide for maintainers →

        Markdown:

        [![HVTrust](https://hvtracker.net/badge/a2a-agent2agent-protocol.svg)](https://hvtracker.net/agents/a2a-agent2agent-protocol)

        HTML:

        <a href="https://hvtracker.net/agents/a2a-agent2agent-protocol"><img src="https://hvtracker.net/badge/a2a-agent2agent-protocol.svg" alt="HVTrust"></a>

Other agents in Protocols & Tool Integration

A2A / Agent2Agent Protocol head-to-head

Data sources
GitHub REST API (repo, commits, stars, forks, license) · PyPI / pypistats (downloads, provenance) · OSSF Scorecard via deps.dev · Algolia HN Search API
Each agent's signals refresh once daily across 6 staggered batches. Methodology v3.1 · Raw JSON