There are two risks here (examples follow):
1. hostile requirements - "the agent won't feature adblockers", or "scraping without explicit website permission must be forbidden"
2. prohibitive requirements - "the agent implements protocols X, Y and Z and adheres to standards A, B and C" - all of these may be reasonable things, but en masse they may be too much work to carry by anyone but a reasonably big vendor
Additionally these criteria must be verifiable, so user can't basically modify the agent, because then the attestation is practically void.