Skydis — agentic threat model

AIVSS 7.7 · High

Skydis presents a moderate risk profile as an external-facing customer service chatbot with Zapier integration. The primary risks stem from prompt injection leading to data exfiltration of business knowledge bases or unauthorized execution of downstream Zapier workflows.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3 · AARS uplift 1.41 · Factor sum 3.8/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.60
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The specific foundation models used by Skydis are not disclosed. The primary threats at this layer include adversarial prompt injection to bypass chatbot guardrails and model reprogramming to output malicious content.

L2 · Data Operations ✓ mapped

The platform allows chatbots to be trained on custom business data. This introduces risks of data poisoning (if malicious data is ingested) and data exfiltration, where attackers use prompt injection to extract sensitive business documents from the RAG knowledge base.

L3 · Agent Frameworks ✓ mapped

Orchestration relies on a drag-and-drop builder and Zapier integrations. Insecure tool integration is a major threat here; a compromised or manipulated chatbot could trigger unauthorized Zapier webhooks, leading to downstream data leaks or unauthorized actions in connected business tools.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting infrastructure, sandboxing of execution environments, and network security controls are not detailed. Standard SaaS threats like container escape or widget-based Cross-Site Scripting (XSS) on client websites apply.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in evaluation frameworks, real-time guardrails, or security observability tools to detect prompt injection or anomalous chatbot behavior.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Compliance certifications (such as SOC 2 or GDPR alignment) and fine-grained access controls for managing the chatbot's training data and integrations are not specified.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — While Zapier allows multi-app workflows, there is no native multi-agent ecosystem or marketplace described, limiting direct agent-to-agent trust abuse threats within the platform itself.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.