Upwex — agentic threat model

AIVSS 7.9 · High

Upwex operates as a Chrome extension with direct access to active Upwork sessions and Pipedrive CRM data, presenting a moderate-to-high risk profile. Its primary threats involve prompt injection via malicious job descriptions, session hijacking, and unauthorized data exfiltration from integrated platforms.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.8 · AARS uplift 1.14 · Factor sum 3.4/10 · Threat ×1.05 · Mitigation ×1.0

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.40
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The underlying LLM is unspecified. It is highly susceptible to indirect prompt injection where malicious Upwork job descriptions manipulate the model to generate malicious code, exfiltrate user data, or bypass safety guardrails during cover letter generation.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The mechanism for storing proposal templates and client sync data is unclear. Risks include data exfiltration of sensitive CRM contacts or proprietary proposal templates if the extension's local storage or backend database is compromised.

L3 · Agent Frameworks · ✓ mapped

The orchestration layer manages DOM scraping of Upwork, automated field filling, and Pipedrive CRM API calls. Vulnerabilities here include insecure tool execution where malicious DOM structures on Upwork could trigger unintended API calls or data leakage to the CRM.

L4 · Deployment & Infrastructure · ✓ mapped

Deployed as a Chrome extension. This introduces client-side security risks, including Cross-Site Scripting (XSS) within the extension context, local storage credential theft (Pipedrive API keys, Upwork session tokens), and potential supply-chain attacks via extension updates.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails, output sanitization, or logging of generated bids. This creates a blind spot where toxic, plagiarized, or hallucinated content could be automatically injected into Upwork proposals.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The product is closed-source and freemium with no cited security certifications (e.g., SOC2) or compliance audits. Handling CRM data and browser-level automation without explicit compliance frameworks increases regulatory and data privacy risks.

L7 · Agent Ecosystem · ✓ mapped

Interacts directly with the Upwork platform and Pipedrive CRM. Risks include cascading failures if Upwork updates its DOM structure (breaking the autofill/bidder) or if the extension violates Upwork's Terms of Service, leading to user account bans.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.