
ShortWave — agentic threat model

AIVSS 8.7 · High

Shortwave presents a high-risk profile primarily due to its deep integration with sensitive user communication channels (Gmail/Google Workspace) and calendar systems. The primary threat vector is indirect prompt injection via incoming emails, which could lead to unauthorized data exfiltration or automated actions performed on behalf of the user.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.3 · AARS uplift 0.86 · Factor sum 4.8/10 · Threat ×1.05 · Mitigation ×0.95

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.80
Dynamic Identity: 0.60
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The specific foundation models used are not disclosed. However, the reliance on LLMs for email summarization and writing assistance exposes the system to adversarial prompt injection, particularly via incoming untrusted emails.

L2 · Data Operations · ✓ mapped

The agent performs RAG and semantic search over the user's entire email history. This creates a high risk of indirect prompt injection where a malicious incoming email can manipulate the vector search results or exfiltrate sensitive historical data.

L3 · Agent Frameworks · ✓ mapped

Orchestrates tools for email sorting, task management, and calendar integration. Insecure tool integration could allow an attacker to trigger unauthorized calendar events or draft/send emails via malicious instructions embedded in incoming messages.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — The deployment architecture and secrets management for Google OAuth tokens are not detailed, representing a critical point of failure if host compromise or token leakage occurs.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails or observability tools to detect and intercept prompt injection attacks or anomalous email-sending behavior.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — While Google OAuth is implied for multi-account support, specific compliance certifications (e.g., SOC2, ISO 27001) or fine-grained authorization policies are not detailed in the public listing.

L7 · Agent Ecosystem · ✓ mapped

The agent operates primarily as a single-user productivity tool without an active multi-agent marketplace or autonomous agent-to-agent collaboration features described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.