Add A2AS Certificate

[a2as-team]

Add A2AS Certificate for Agent Transparency and Security

Summary

This PR adds an agent certificate using the A2AS format - an open standard for agentic AI security. The certificate declares operational boundaries, agentic actions, and resources. It acts as a transparency artifact for your agent.

This repository has been certified and added to the registry.

Info and visualization available via the link or badge:

A2AS.org/certified/agents/derailed-dash/llms-generator

About A2AS Certificates

A2AS certificates are declarative manifests for agent behavior. They describe what an agent is designed to do:

• AI level: agents, models, tools, resources
• APP level: imports, functions, variables
• OS level: files, networks, processes

Certificates are human-readable and machine-readable, and can be used as a transparency and security artifact.

The A2AS standard is a project from the A2AS.org initiative led by experts from big tech and security companies.

Benefits For This Project

This A2AS certificate can help to:

• Make it easier for contributors to see what the agent does
• Increase trust in your agent by making its behavior explicit
• Grow adoption with security-conscious and enterprise users

What This PR Does

This PR doesn't change any code:

• Only adds a2as.yaml to the repository root
• Aligns the certificate with the current agent logic
• Does not modify agent code, prompts, or configuration

Optional Next Steps

When the agent changes, the A2AS certificate is expected to be updated.

A2AS project maintainers can help with updating the certificate as your agent evolves.

If you find this relevant, you can add the A2AS Shield to your README.md file:

[gemini-code-assist]

Summary of Changes

Hello @a2as-team, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates an A2AS certificate into the repository, significantly enhancing the transparency and security posture of the agent. By adopting this open standard, the project provides a clear, machine-readable, and human-readable declaration of the agent's design, including its operational boundaries, actions, and resource utilization. This strategic addition is intended to build greater trust with contributors and users by explicitly defining the agent's behavior, all without altering any existing functional code.

Highlights

• A2AS Certificate Added: An A2AS certificate has been added to the repository, establishing an open standard for agentic AI security.
• Enhanced Transparency: The certificate explicitly declares the agent's operational boundaries, agentic actions, and resources, serving as a transparency artifact.
• No Code Changes: This pull request solely introduces the a2as.yaml file and does not modify any existing code, prompts, or configurations.
• Benefits for Project: The certificate aims to make agent behavior clearer for contributors, increase trust, and potentially grow adoption among security-conscious users.

Changelog

• a2as.yaml
  • Added the A2AS certificate file, detailing the agent's manifest, agents, models, tools, teams, imports, functions, variables, and file access patterns.

Activity

• No specific review comments or activities have been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces an A2AS certificate to improve transparency and security, focusing on the a2as.yaml manifest. A medium-severity prompt injection vulnerability was identified in the content_summariser_agent where untrusted file content is directly embedded into the agent's prompt, potentially allowing manipulation of generated summaries. It is recommended to update the prompt to better isolate untrusted content. Furthermore, the review highlighted a critical error with the certificate's issuance date, potential security concerns with a declared environment variable, and inconsistencies in types, naming, and file action declarations affecting maintainability and reliability.

[gemini-code-assist]

The issued.at timestamp is set to a future date (in 2026). This is likely an error and may cause validation issues with tools that process this certificate. Please correct it to the actual issuance date.

[gemini-code-assist]

The import path agent.document_summariser_agent is ambiguous and likely incorrect. The project contains multiple agent.py files within the specified scope. This will likely cause issues for any tool that relies on this certificate for static analysis or dependency tracking. Please provide a full, unambiguous Python import path, for example llms_gen_agent.sub_agents.doc_summariser.document_summariser_agent.

[gemini-code-assist]

The manifest declares that the agent reads an environment variable named key. This name is very generic and could potentially refer to a sensitive credential (like an API key). While transparency is the goal of A2AS, declaring a generic name like key can be a security risk if it encourages developers to use insecure variable names. Furthermore, this variable does not appear to be used anywhere in the provided source code, making its presence here suspicious. Please clarify the purpose of this variable or remove it if it's not needed. If it is a secret, consider a more specific name (e.g., THIRD_PARTY_API_KEY) to reduce ambiguity.

[gemini-code-assist]

The instruction for the content_summariser_agent directly concatenates raw file content into the prompt using the {files_content} placeholder. This creates a prompt injection vulnerability. If the agent processes a file containing malicious instructions (e.g., 'IGNORE ALL PREVIOUS INSTRUCTIONS...'), an attacker could hijack the agent's behavior, leading to the generation of false or misleading summaries. Untrusted input from files should be clearly separated from the core prompt instructions to mitigate this risk.

[gemini-code-assist]

The value for max_iterations is specified as a string "200". In the corresponding Python code (src/llms_gen_agent/sub_agents/doc_summariser/agent.py, line 221), this is an integer. While YAML parsers might handle this, it's better to use the correct type to avoid potential issues. The same applies to other numeric values like temperature, top_p, and max_output_tokens which are also quoted as strings. Please represent numeric values as numbers, not strings.

 max_iterations: 200

[gemini-code-assist]

There's an inconsistency in the naming of content_summariser_agent. The agent key is content_summariser_agent (with 's'), but its name parameter is content_summarizer_agent (with 'z'). For consistency with the agent key and the prevalent spelling in the project, it's recommended to use the 's' spelling.

 name: content_summariser_agent

[gemini-code-assist]

The instruction for this agent is split into a list of strings, with some sentences broken across multiple list items. This can harm readability and might be misinterpreted by the agent framework. It's better to have each list item be a complete, self-contained instruction or paragraph. Consider using YAML's literal block scalar (|) to preserve the multi-line string as it is in the source code, which would improve readability and maintainability.

[gemini-code-assist]

This entry for llms.txt declares a read action, but the agent's purpose is to write to this file. The write action is correctly declared for the llms_txt_path variable on line 495. This llms.txt entry is redundant and incorrect, which can be confusing. I recommend removing this entry to avoid ambiguity.