Instrukt — agentic threat model
Instrukt presents a high-risk profile due to its terminal-based, self-hosted nature, where compromised modular agents or malicious inputs could lead to direct command execution and host infrastructure compromise.
OWASP AIVSS score rationale
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.50 | |
| Self-Modification | 0.30 | |
| Dynamic Tool Use | 0.70 | |
| Persistent Memory | 0.40 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.60 | |
| Non-Determinism | 0.60 | |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — Instrukt is a terminal-based framework and does not specify a default foundation model, meaning model-level threats (adversarial examples, poisoning) depend entirely on the user's self-hosted or API-connected LLM configuration.
Not certain from the listing — The framework supports modular agents but does not detail its default vector database or RAG pipeline, leaving data operations and potential data exfiltration risks to the user's local setup.
As an open-source framework for extending modular agents, it is highly susceptible to insecure tool integration, malicious agent modules, and prompt injection leading to unauthorized local command execution via the terminal.
Being a terminal-based, self-hosted environment, the primary infrastructure risk is local privilege escalation or host compromise if the agent executes untrusted code or commands directly on the user's machine without sandboxing.
Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrail mechanisms to monitor agent behavior or detect anomalous terminal commands.
Not certain from the listing — As an open-source, self-hosted tool, compliance and access control policies (like authentication or audit logging) are likely absent by default and must be managed entirely by the host administrator.
The framework's modular nature allows extending and interacting with multiple agents, introducing risks of rogue or compromised community-contributed modules and cascading failures within the local ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.