AgentReadyHomeAgent ListingPricing

← Upsella

Upsella — agentic threat model

9.0AIVSS 9.0 · Critical

Upsella presents a moderate-to-high risk profile due to its direct integration with Shopify store data and autonomous SMS communication with customers, making it a prime target for prompt injection, unauthorized discount generation, and PII exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2AARS uplift 0.79Factor sum 4.2/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.70
Goal-Driven Planning
0.40
Self-Modification
0.10
Dynamic Tool Use
0.50
Persistent Memory
0.60
Contextual Awareness
0.50
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs via API to power the conversational AI sales agent. This exposes the system to prompt injection attacks via customer SMS replies, which could trick the agent into offering unauthorized discounts or generating toxic brand-damaging outputs.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — ingests Shopify customer data, order history, and product catalogs to personalize recommendations. This creates a risk of customer PII exfiltration (phone numbers, purchase history) if the data store or RAG pipeline is compromised.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates campaign triggers (abandoned carts, post-purchase) and LLM tool-calling to generate discount codes. Insecure tool integration could allow an attacker to manipulate the discount optimization logic to generate 100% off codes.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — likely hosted as a cloud SaaS integrated with Shopify APIs and SMS gateways (e.g., Twilio). Compromise of this layer could lead to API key theft, webhook hijacking, or unauthorized SMS broadcasting.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — provides ROI and revenue tracking, but lacks detailed security observability or LLM guardrails, potentially leaving conversational drift or adversarial manipulation undetected.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — must adhere to TCPA/CTIA regulations for SMS consent and GDPR/CCPA for consumer data, but no specific compliance certifications (like SOC2) or data-handling policies are detailed in the listing.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a horizontal app within the Shopify ecosystem. It is vulnerable to upstream Shopify API changes or downstream SMS gateway outages, which could disrupt automated campaigns or cause cascading delivery failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.