OfferFlowAI — agentic threat model

AIVSS 8.2 · High

OfferFlowAI presents a moderate-to-high risk profile, primarily because it integrates with the user's Gmail inbox. That integration makes it highly vulnerable to indirect prompt injection via incoming recruiter emails, which could lead to data exfiltration or unauthorized draft generation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.72 · Factor sum 2.9/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.50
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on a commercial LLM (e.g., GPT-4 or Claude) for extraction and drafting. The primary threat is indirect prompt injection, where a malicious recruiter email contains instructions that hijack the model to exfiltrate inbox data or draft malicious replies.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — likely stores extracted job details (salary, company, role) and email metadata in a proprietary database to populate the dashboard. Threats include data leakage of sensitive job search details and lack of encryption for cached email content.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — likely uses a lightweight orchestration framework to parse emails, trigger LLM calls, and interface with Gmail. Threats include insecure tool integration, where Gmail API write access is exploited to send unauthorized emails rather than just draft them.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — likely hosted on standard cloud infrastructure (e.g., AWS, GCP, or Vercel). The main threat is the compromise of stored Gmail OAuth tokens, which would grant attackers direct access to users' personal email accounts.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no mention of observability, logging, or input filtering. The lack of guardrails to detect adversarial prompt injections in incoming emails represents a significant blind spot.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — requires Gmail OAuth permissions. The primary threat is over-scoped OAuth permissions (e.g., requesting full mail access instead of read/draft-only) and a lack of clear compliance standards (like SOC2 or GDPR) for handling sensitive personal communications.

L7 · Agent Ecosystem ✓ mapped

The agent operates as a standalone assistant interacting directly with the user's inbox and dashboard; it does not participate in a multi-agent ecosystem or external agent marketplaces.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.