Skygen — agentic threat model
Skygen presents a high-risk profile due to its combination of full desktop automation, execution within cloud environments, and access to over 1,000 sensitive SaaS integrations (e.g., Gmail, Salesforce, Slack). While isolated cloud environments and real-time human-in-the-loop capabilities provide some mitigation, a compromise could lead to severe unauthorized actions and data exfiltration across enterprise boundaries.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.90 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.95 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.85 |
| Multi-Agent Interactions | 0.70 |
| Non-Determinism | 0.80 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, one entry per MAESTRO layer. Entries tagged “Not certain from the listing” are general, caveated commentary for layers the public description did not cover.
Layer 1 (Foundation Models). Not certain from the listing — The specific foundation models powering Skygen are not disclosed. Whatever the model, it is susceptible to prompt injection via untrusted web content or emails it processes, which could hijack the desktop automation flow.
Layer 2 (Data Operations). Not certain from the listing — The data ingestion, caching, and vector storage mechanisms are not detailed. The primary threat is the exposure or leakage of highly sensitive data (financials, emails, CRM records) processed during workflow execution.
Layer 3 (Agent Frameworks). Skygen uses a highly capable planning and execution framework to translate natural language into multi-step GUI and API actions. The main threat is tool misuse, where the agent misinterprets instructions or is manipulated into executing destructive actions across connected SaaS platforms.
Layer 4 (Deployment and Infrastructure). The platform hosts agents on 'isolated cloud computers'. While this sandboxing limits direct host compromise, threats include VM escape, session hijacking, and the theft of active session tokens or credentials stored within the cloud desktop environment.
Layer 5 (Evaluation and Observability). Skygen features 'real-time visibility' and human-in-the-loop intervention. A key threat is observability evasion, where a compromised agent performs malicious background API calls or rapid GUI actions that bypass or spoof the real-time monitoring interface.
Layer 6 (Security and Compliance). Not certain from the listing — No specific security compliance standards (such as SOC 2, GDPR, or OAuth governance) are detailed. The lack of explicit identity and access management controls for the 1,000+ connectors poses a significant compliance and authorization threat.
Layer 7 (Agent Ecosystem). Skygen supports 'parallel agent execution' and integrates with collaborative tools like Slack. This introduces multi-agent threats, such as cascading failures or lateral privilege escalation, where a compromised agent influences or commands another parallel agent to perform unauthorized tasks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.