Skywork.ai — agentic threat model
Skywork.ai is a workspace productivity suite that generates research-grade documents, spreadsheets, and multimedia. Because it handles sensitive corporate workspace data, it carries a high data-exposure risk; its open-source release does, however, allow independent code auditing.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.50 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.40 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.30 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely utilizes Skywork's own open/proprietary foundation models. Primary threats include prompt injection leading to system prompt leakage or generation of misaligned/harmful content within corporate documents.
Layer 2 (Data Operations): Not certain from the listing — processes workspace documents, spreadsheets, and research data. Risks include data exfiltration of sensitive corporate IP and knowledge-base poisoning if untrusted external documents are ingested for research.
Layer 3 (Agent Frameworks): Not certain from the listing — orchestrates specialized agents for document, slide, and spreadsheet generation. Threats include insecure tool integration, such as malicious code execution during spreadsheet generation or file system path traversal.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — offered as both open-source and paid SaaS. Risks involve container escape or host compromise if the document and multimedia rendering engines are not strictly sandboxed from the host environment.
Layer 5 (Evaluation and Observability): Not certain from the listing — no observability or guardrail frameworks are mentioned. Gaps in logging could allow malicious prompt injections or data exfiltration attempts to go undetected.
Layer 6 (Security and Compliance): Not certain from the listing — lacks explicit mention of compliance certifications (e.g., SOC 2, GDPR). Integrating with corporate workspaces requires strict tenant isolation and role-based access controls to prevent cross-user data leakage.
Layer 7 (Agent Ecosystem): Not certain from the listing — 'Super Agents' implies a multi-agent ecosystem (docs, slides, spreadsheets). Threats include agent-to-agent trust abuse, where a compromised document agent manipulates the spreadsheet agent to alter financial data.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.