LeadRun — agentic threat model

AIVSS 8.3 · High

LeadRun presents a moderate-to-high risk profile due to its high autonomy in automatically generating and posting personalized social media responses. The primary threat vector is prompt injection via ingested social media content, which could hijack the automated posting mechanism to distribute spam, phishing links, or brand-damaging content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.1 · AARS uplift 1.16 · Factor sum 4.0/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.80
Goal-Driven Planning: 0.50
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs via API to analyze social media text and generate personalized responses. Threats include prompt injection via adversarial social media posts (ingested as lead data) which could manipulate the model's output or leak system prompts.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — likely stores target keywords, lead interaction history, and scraped social media data. Threats include data poisoning if malicious social media profiles are ingested, or unauthorized access to stored lead databases and interaction logs.

L3 · Agent Frameworks ✓ mapped

The agent orchestrates a workflow of lead detection, analysis, and automated messaging. A major threat is insecure tool integration with the Twitter/X API, where prompt injection could hijack the tool parameters to send unauthorized direct messages or public tweets.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — likely hosted as a cloud-based SaaS platform. The critical threat is the insecure storage of sensitive Twitter/X OAuth tokens and API keys; if the infrastructure is compromised, attackers gain direct write access to users' social media accounts.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no mention of output guardrails or human-in-the-loop verification. The lack of automated content filtering poses a threat where hallucinated, offensive, or brand-damaging AI responses are published automatically without detection.

L6 · Security & Compliance (cross-cutting) ✓ mapped

The agent manages third-party social media credentials and automates public outreach. Threats include weak multi-tenant isolation on the LeadRun platform, lack of audit logs for automated actions, and potential compliance violations of Twitter/X's automation and spam policies.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — operates primarily as a standalone integration with Twitter/X. Threats include interacting with other automated marketing or bot agents on the platform, potentially leading to infinite bot-to-bot interaction loops or cascading spam campaigns.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.