AgentReadyHomeAgent ListingPricing

← HIA (Health Insights Agent)

HIA (Health Insights Agent) — agentic threat model

6.9AIVSS 6.9 · Medium

HIA presents a moderate-to-high risk profile primarily due to the handling of highly sensitive medical data (blood reports) within a self-deployed open-source architecture. While it incorporates authentication via Supabase, the potential for prompt injection via malicious PDFs and the lack of built-in clinical guardrails pose significant privacy and safety concerns.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.68Factor sum 2.7/10Threat ×1.0Mitigation ×0.85
Autonomy of Action
0.20
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.50
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.20
Non-Determinism
0.50
Opacity & Reflexivity
0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Uses Llama models via Groq. Primary threats include adversarial prompt injection embedded within uploaded blood report PDFs to bypass safety guardrails, and hallucinated medical insights that could lead to incorrect self-diagnosis or physical harm.

L2 · Data Operations✓ mapped

Processes uploaded PDF files up to 20MB and stores session history in Supabase. Threats include PDF parser exploits (e.g., buffer overflows or denial of service via malicious PDFs) and unauthorized exfiltration of sensitive health data (PHI) from the database.

L3 · Agent Frameworks✓ mapped

Implements a structured 'report -> extraction -> analysis -> insights' workflow. Vulnerabilities include insecure handling of extracted PDF text, allowing indirect prompt injection to hijack the analysis phase or manipulate the multi-model cascade logic.

L4 · Deployment & Infrastructure✓ mapped

Built on Streamlit and Supabase. Threats include exposure of Supabase API keys, lack of sandboxing for the PDF extraction environment, and typical Streamlit session state vulnerabilities if deployed publicly without robust network controls.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of LLM observability, automated evaluation, or clinical guardrails to monitor the accuracy and safety of the generated health insights.

L6 · Security & Compliance (cross-cutting)✓ mapped

Utilizes Supabase-auth for user authentication. However, as an open-source template, compliance with healthcare regulations like HIPAA or GDPR is entirely dependent on the deployer's infrastructure, posing significant compliance risks.

L7 · Agent Ecosystem✓ mapped

Operates as a single-user agent with a multi-model cascade rather than a decentralized multi-agent ecosystem. Minimal risk of agent-to-agent trust abuse or cascading external agent failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.