

Replit — agentic threat model

AIVSS 8.7 · High

Replit represents a high-risk agentic profile due to its ability to autonomously write, execute, and deploy code, which can be exploited via prompt injection to run malicious shell commands or exfiltrate workspace secrets.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.8
AARS uplift: 0.82
Factor sum: 6.25/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×0.9

Agentic risk factors (each scored 0.00 to 1.00):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.90
Self-Modification: 0.40
Dynamic Tool Use: 0.95
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
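As an added worked example (not code from the AgentReady page, from Replit, or from OWASP), the following Python reproduces the score above from the formula and factor values printed on this page, and shows what the mitigation term can and cannot do to the rating. The function names and the CVSS v3.x-style qualitative bands used in `severity` are my assumptions; the page only shows that 8.7 is labelled High, which is consistent with those bands.

```python
"""Worked AIVSS computation for the score shown above.

Added example; it implements the formula exactly as printed on this page:

    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

Factor values, CVSS base (8.8), threat multiplier (1.1) and mitigation
factor (0.9) are copied from the page; everything else is assumed.
"""
from __future__ import annotations

# The ten agentic risk factors as scored on this page, each in [0, 1].
REPLIT_FACTORS: dict[str, float] = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.90,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.95,
    "Persistent Memory": 0.60,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}


def factor_sum(factors: dict[str, float]) -> float:
    """Sum the ten factors, rejecting a wrong count or out-of-range values."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic risk factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside [0, 1]")
    return sum(factors.values())  # at most 10.0


def aars(cvss_base: float, factors: dict[str, float], thm: float) -> float:
    """Agentic AI Risk Score: the uplift added on top of the CVSS base.

    The (10 - CVSS_Base) term bounds it by (10 - CVSS_Base) * ThM, so with a
    base of 8.8 the agentic factors can add at most 1.2 * 1.1 = 1.32 points.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base {cvss_base} is outside [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm


def aivss(cvss_base: float, factors: dict[str, float], thm: float,
          mitigation_factor: float) -> float:
    """Final AIVSS as printed; the page's formula shows no cap at 10, so none is applied."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation_factor


def severity(score: float) -> str:
    """Qualitative band. Assumption: same cut-offs as CVSS v3.x."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def mitigation_for_target(cvss_base: float, factors: dict[str, float],
                          thm: float, target: float) -> float:
    """Mitigation_Factor at which the score equals `target`; smaller values drop below it.

    Answers "how strong would controls have to be before this agent stops
    being rated High?". It depends only on the pre-mitigation score.
    """
    return target / (cvss_base + aars(cvss_base, factors, thm))


if __name__ == "__main__":
    base, thm, mit = 8.8, 1.1, 0.9
    uplift = aars(base, REPLIT_FACTORS, thm)
    score = aivss(base, REPLIT_FACTORS, thm, mit)
    print(f"factor sum        {factor_sum(REPLIT_FACTORS):.2f}/10")
    print(f"AARS uplift       {uplift:.2f}")
    print(f"AIVSS             {score:.1f} ({severity(score)})")
    print(f"mitigation for <7 {mitigation_for_target(base, REPLIT_FACTORS, thm, 7.0):.3f}")
```

The last line is the practitioner's takeaway: the score only leaves the High band once the mitigation factor falls to about 0.73, and the agentic uplift itself is capped near 1.3 points by the 8.8 base, so the rating is driven far more by the conventional CVSS vector than by the ten agentic factors.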

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — the specific foundation models used by Replit's agent are not detailed in the directory listing, but threats include model reprogramming and adversarial prompt injection leading to malicious code generation.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — the data pipeline, RAG, or vector stores used for codebase context are not specified, posing risks of codebase data exfiltration or poisoning if untrusted code is ingested.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — the exact orchestration framework is proprietary, but the agent's ability to plan, write, and execute code introduces severe risks of tool misuse (e.g., executing destructive shell commands).

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — Replit has historically run each Repl in a containerized sandbox, but the directory listing does not detail the sandboxing controls, so container escape or privilege escalation by agent-executed code remains a risk to assess.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — the observability and guardrail mechanisms for monitoring agent-generated code and runtime anomalies are not described, creating blind spots for malicious executions.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — compliance alignments (such as SOC 2) and secrets-management policies for API keys held in the workspace are not specified in the listing.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — interactions with external package registries or multi-agent collaborations are not detailed, presenting risks of dependency confusion or malicious package installation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.