AgentReadyHomeAgent ListingPricing

← Humanlinker

Humanlinker — agentic threat model

8.6AIVSS 8.6 · High

Humanlinker presents a moderate-to-high security risk due to its deep integration with enterprise CRMs and browser-level access via a Chrome extension. A compromise could lead to sensitive customer data exfiltration or automated social engineering attacks executed through the user's authenticated sessions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.08Factor sum 4.1/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.00
Dynamic Tool Use
0.60
Persistent Memory
0.50
Contextual Awareness
0.70
Dynamic Identity
0.40
Multi-Agent Interactions
0.10
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Uses foundation models to perform DISC personality analysis and generate personalized outreach messages. Threats include prompt injection that could manipulate the personality assessment or force the generation of malicious/phishing outreach templates.

L2 · Data Operations✓ mapped

Ingests prospect data from LinkedIn and CRMs (Salesforce, HubSpot, Dynamics) for contact enrichment and verification. Threats include data exfiltration of sensitive CRM contact lists and potential poisoning of enrichment data sources.

L3 · Agent Frameworks✓ mapped

Orchestrates tool execution across CRM APIs, enrichment databases, and browser-based LinkedIn interactions. Threats include insecure tool integration where compromised inputs trigger unauthorized CRM writes or bulk data exports.

L4 · Deployment & Infrastructure✓ mapped

Deploys as a Chrome extension alongside a web application, requiring session access to LinkedIn and API keys for CRMs. Threats include session hijacking via the Chrome extension, local storage exposure of credentials, and insecure API key management.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of built-in guardrails, output filtering for generated messages, or logging mechanisms to detect anomalous CRM data access or prompt injection attempts.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — the description does not detail compliance certifications (such as SOC2 or GDPR), data retention policies for synced CRM data, or role-based access controls (RBAC) for sales teams.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — the agent operates primarily as a standalone horizontal sales tool without explicit multi-agent collaboration or marketplace integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.