Heymoon.ai — agentic threat model
Heymoon.ai acts as a personal assistant managing sensitive calendar and task data, presenting moderate risk due to its integration with personal productivity tools and persistent memory, though its autonomy is likely constrained to scheduling and organization.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.80 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — The underlying foundation models are not specified, leaving potential exposure to standard LLM risks like prompt injection or model-based hallucinations affecting task scheduling.
Layer 2, Data Operations: Not certain from the listing — The agent processes personal calendar, task, and information data, which likely involves RAG or vector storage, but the specific data ingestion, storage, and encryption mechanisms are undisclosed.
Layer 3, Agent Frameworks: Not certain from the listing — Orchestration of calendar and task management implies tool-calling capabilities (e.g., API integrations with Google Calendar or Apple Calendar), but the framework and its tool-execution safety boundaries are not detailed.
Layer 4, Deployment and Infrastructure: Not certain from the listing — The hosting environment, API secrets management for third-party integrations, and sandboxing of execution environments are not described in the public listing.
Layer 5, Evaluation and Observability: Not certain from the listing — There is no mention of observability tools, logging of agent decisions, or guardrails to prevent unauthorized scheduling actions or data leakage.
Layer 6, Security and Compliance: Not certain from the listing — While handling personal data requires strict compliance (such as GDPR) and robust OAuth authentication for calendar access, no specific security certifications or compliance frameworks are cited.
Layer 7, Agent Ecosystem: Not certain from the listing — The agent is described as a personal assistant and does not explicitly mention interacting with other agents or operating within a multi-agent ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.