Skip to content

Add A2AS Certificate #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
a2as-team wants to merge 1 commit into
base: main
Choose a base branch
from
+77 −0
Open

Add A2AS Certificate #1

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions a2as.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
manifest:
version: "0.1.3"
schema: https://a2as.org/cert/schema
subject:
name: derrickchwong/gemini-cli-on-adk
source: https://github.com/derrickchwong/gemini-cli-on-adk
branch: main
commit: "eaf0d115"
scope: [app/agent.py, app/__init__.py]
issued:
by: A2AS.org
at: '2026-02-11T16:41:38Z'

@gemini-code-assist gemini-code-assist Bot Feb 11, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The issued.at timestamp is set to a date in the future (year 2026). An issuance timestamp cannot be in the future. This appears to be a typo and should be corrected to the actual issuance date.

    at: '2024-02-11T16:41:38Z'

url: https://a2as.org/certified/agents/derrickchwong/gemini-cli-on-adk
signatures:
digest: sha256:qcUx_PVm12hGeG5Cdxa3PrLXcmOm7dnWPG4-b9ZVYO8
key: ed25519:AYa4RPyuVevb7FlYTz57GVfe2Zvq6a8ATRMdiF5z3Z8
sig: ed25519:Mw8zDVI11HbAh4NsErwG4yja9ebGzYT0v5es39bTo-yuov1Dcj0TywVyf-YN2kCbSX_zs17HiN9aHL_YKP98Bg

agents:
root_agent:
type: instance
models: [gemini-2.5-pro]
tools: [gemini_cli]
params:
name: root_agent
instruction: ['You are a world class Software Developer and you have a very powerful tool - Gemini CLI to help analyze
code, generating test plan, generating unit tests, etc.', The codebase is cloned from a GitHub repository and stored
on /tmp directory., Always use the Gemini CLI tool to analyze the codebase and complete the user's request.]
Comment on lines +27 to +28

@gemini-code-assist gemini-code-assist Bot Feb 11, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-medium medium

The agent's instructions specify cloning a GitHub repository into the "/tmp" directory using a predictable name, which creates a Time-of-Check-to-Time-of-Use (TOCTOU) race condition. This could allow an attacker to write files to arbitrary locations. It is critical to use secure methods for temporary file and directory creation. Additionally, the instruction for root_agent is defined as a multi-line flow-style list of strings, which is inconsistent with its app/agent.py implementation. To accurately reflect the code and improve readability, it's recommended to use a YAML literal block scalar (|). The instruction content should also be updated to mitigate the security vulnerability.


models:
gemini-2.5-pro:
type: literal
agents: [root_agent]

tools:
gemini_cli:
type: function
agents: [root_agent]
params:
description: |-
Executes the Gemini CLI.

Args:
task: The task to pass to Gemini CLI, eg: explain this codebase, generate a test plan, etc.
github_url: GitHub URL to clone and analyze.

Returns:
The response from the Gemini CLI.

imports:
Agent: google.adk.agents.Agent
auth: google.auth
os: os
requests: requests
root_agent: app.agent.root_agent
subprocess: subprocess

functions:
gemini_cli:
type: sync
module: app.agent
args: [task, github_url]
params:
returns: str
get_project_id:
type: sync
module: app.agent

networks:
metadata.google.internal:
type: api
actions: [GET]
urls: [/computeMetadata/v1/project/project-id]
protocols: [http]
ports: ["80"]
params:
caller: [get_project_id]