Nuqualis — agentic threat model
Nuqualis presents a moderate-to-high risk profile primarily due to its direct exposure to untrusted inputs via email, making it highly susceptible to indirect prompt injection and knowledge-base poisoning through its email-based training mechanism.
OWASP AIVSS score rationale
| Agentic risk factor | Estimate |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely utilizes a commercial third-party LLM. The primary threat at this layer is indirect prompt injection embedded in incoming customer emails, which could hijack the model's output generation.
The agent is trained by sending documents to a designated email address. This creates a high risk of knowledge-base poisoning if the ingestion email address is leaked, or if malicious/unauthorized documents are processed without strict origin verification.
The orchestration framework processes incoming emails and triggers automated replies. A key vulnerability is the lack of separation between data (email content) and instructions, allowing attackers to execute indirect prompt injection attacks to exfiltrate data or send unauthorized emails.
Not certain from the listing — likely hosted on standard cloud infrastructure. Risks include insecure document parsing (e.g., processing malicious PDFs sent to the training email) and potential email spoofing if SPF/DKIM/DMARC are not properly configured.
Not certain from the listing — no observability or guardrail mechanisms are mentioned. Without robust logging and anomaly detection, malicious prompt injections or data exfiltration attempts via email could go unnoticed.
Not certain from the listing — as a closed-source, freemium tool, there is no mention of compliance certifications (e.g., SOC2, GDPR). Handling business emails inherently involves processing PII, posing significant compliance and privacy risks.
Not certain from the listing — operates primarily as a standalone email assistant. However, interacting with other automated email systems or auto-responders could trigger cascading infinite loops or unintended automated transactions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.