
Tuixt — agentic threat model

AIVSS 5.2 · Medium

Tuixt is a low-risk informational chat agent focused on trade barriers and tariffs, presenting minimal agentic risk due to its lack of autonomous execution capabilities, though it remains susceptible to data poisoning and prompt injection leading to regulatory misinformation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3 · AARS uplift 0.91 · Factor sum 1.6/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — the underlying LLM is not specified, but it is vulnerable to standard LLM threats like prompt injection, adversarial manipulation to bypass policy restrictions, and hallucinated trade regulations.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — likely uses RAG or a vector database containing the 2025 Foreign Trade Barriers Report and US tariff data. Threats include knowledge-base poisoning if the source documents are manipulated, and data exfiltration of proprietary queries.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — the orchestration framework is unspecified. If it uses tool-calling for database queries, threats include insecure tool integration and prompt injection leading to unauthorized data retrieval.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosting and sandboxing details are absent. Standard web application vulnerabilities, container escape, or denial of service on the hosting infrastructure remain potential threats.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no evaluation, guardrails, or observability tools are mentioned. Lack of monitoring could lead to undetected drift in regulatory advice or unlogged prompt injection attempts.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — no authentication, authorization, or compliance certifications (like SOC2) are mentioned. Misinformation on trade barriers could lead to regulatory non-compliance for users.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — the agent appears to operate standalone without multi-agent orchestration or marketplace integrations, minimizing ecosystem-specific cascading failure risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.