

WorkGPT — agentic threat model

AIVSS 8.6 · High

WorkGPT is an open-source agent framework focused on API execution, presenting high risk of tool misuse and unauthorized API invocation if prompt injection occurs. Its security posture heavily depends on the developer's implementation of external sandboxing, API access controls, and input validation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5 · AARS uplift: 1.05 · Factor sum: 4.2/10 · Threat multiplier (ThM): ×1.0 · Mitigation factor: ×1.0

Agentic risk factors (each rated 0.0–1.0):

Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.30
Contextual Awareness: 0.40
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
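To make the scoring arithmetic above reproducible, the following is an added Python implementation of the AIVSS formula exactly as this page states it; it is example code written for this page, not the OWASP AIVSS calculator or the site's own scorer. The snake_case factor keys, the cap at 10.0, the round-half-up to one decimal, and the CVSS v3.x qualitative bands used for the severity label are this example's assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

# The ten OWASP AIVSS agentic risk factors, each rated 0.0-1.0.
# The key names are this example's own; the factor list matches the page.
AGENTIC_FACTORS = (
    "autonomy_of_action", "goal_driven_planning", "self_modification",
    "dynamic_tool_use", "persistent_memory", "contextual_awareness",
    "dynamic_identity", "multi_agent_interactions", "non_determinism",
    "opacity_and_reflexivity",
)

# WorkGPT factor estimates as listed on this page.
WORKGPT_FACTORS = {
    "autonomy_of_action": "0.60", "goal_driven_planning": "0.50",
    "self_modification": "0.10", "dynamic_tool_use": "0.80",
    "persistent_memory": "0.30", "contextual_awareness": "0.40",
    "dynamic_identity": "0.20", "multi_agent_interactions": "0.20",
    "non_determinism": "0.60", "opacity_and_reflexivity": "0.50",
}


def _d(value):
    """Route numbers through str() so 0.1-style literals become exact decimals."""
    return Decimal(str(value))


def factor_sum(factors):
    """Sum the ten factors, rejecting missing or out-of-range entries."""
    missing = [name for name in AGENTIC_FACTORS if name not in factors]
    if missing:
        raise ValueError(f"missing agentic factors: {missing}")
    total = Decimal(0)
    for name in AGENTIC_FACTORS:
        value = _d(factors[name])
        if not Decimal(0) <= value <= Decimal(1):
            raise ValueError(f"{name} must be within [0, 1], got {value}")
        total += value
    return total


def aars(cvss_base, factors, threat_multiplier="1.0"):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, per the page's formula."""
    base = _d(cvss_base)
    if not Decimal(0) <= base <= Decimal(10):
        raise ValueError(f"CVSS base must be within [0, 10], got {base}")
    return (Decimal(10) - base) * (factor_sum(factors) / Decimal(10)) * _d(threat_multiplier)


def aivss(cvss_base, factors, threat_multiplier="1.0", mitigation_factor="1.0"):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor.

    Capping at 10 and rounding half-up to one decimal are assumptions of this
    example (the page only shows the single rounded result 8.6).
    """
    raw = (_d(cvss_base) + aars(cvss_base, factors, threat_multiplier)) * _d(mitigation_factor)
    return min(raw, Decimal(10)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def severity(score):
    """Qualitative label; assumes AIVSS reuses the CVSS v3.x rating bands."""
    score = _d(score)
    if score == 0:
        return "None"
    if score < Decimal("4.0"):
        return "Low"
    if score < Decimal("7.0"):
        return "Medium"
    if score < Decimal("9.0"):
        return "High"
    return "Critical"


if __name__ == "__main__":
    score = aivss("7.5", WORKGPT_FACTORS)
    print(f"factor sum {factor_sum(WORKGPT_FACTORS)}, AARS {aars('7.5', WORKGPT_FACTORS)}, "
          f"AIVSS {score} ({severity(score)})")
```

Running it reproduces the page's numbers (factor sum 4.2, AARS 1.05, AIVSS 8.6, High). Decimal rather than float arithmetic is deliberate: a float sum of the ten factors can land a hair below 4.2 and flip the final rounding, which matters when a score sits on a band boundary.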

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models [⚠ not certain from listing]

Not certain from the listing — As an open-source framework, WorkGPT likely supports multiple foundation models (e.g., OpenAI GPTs). Threats include prompt injection leading to unauthorized API execution, adversarial reprogramming, and model-specific alignment bypasses.

L2 · Data Operations [⚠ not certain from listing]

Not certain from the listing — The framework's handling of data operations, RAG, or vector stores is not specified. Risks depend on how developers implement data ingestion, with potential threats of data exfiltration via API payloads or injection of malicious data into API responses.

L3 · Agent Frameworks [✓ mapped]

WorkGPT is specifically an agent framework designed for invoking APIs. The primary threats at this layer include insecure tool integration, tool misuse (e.g., executing destructive API calls), and framework vulnerabilities that allow prompt injections to hijack the API execution flow.

L4 · Deployment & Infrastructure [⚠ not certain from listing]

Not certain from the listing — As an open-source framework, deployment is managed by the user. Threats depend heavily on the hosting environment, including lack of sandboxing for API execution, insecure storage of API keys/secrets, and potential container compromise.

L5 · Evaluation & Observability [⚠ not certain from listing]

Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrail mechanisms. Without these, developers face blind spots regarding anomalous API calls, prompt injections, or drift in agent behavior.

L6 · Security & Compliance (cross-cutting) [⚠ not certain from listing]

Not certain from the listing — The framework does not specify built-in authentication, authorization, or policy enforcement controls for API access. Security relies entirely on the developer's implementation of external IAM and API gateways.
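The L3, L5 and L6 entries above all come back to the same control: a policy gate between the model's proposed API call and the network, which enforces a deny-by-default allowlist, holds state-changing calls for approval, and emits an audit record for every decision so anomalous calls are visible. The following is an added Python sketch of such a gate; it is example code for this page, not part of WorkGPT, and the `ToolPolicy`/`Decision` types, the `api.example.com` ticket API, and the call shape (`method`, `url`, `headers`, `body`) are all constructed for the example.

```python
import json
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit

# HTTP methods that change state; the gate holds these until a human or an
# out-of-band policy step approves them.
MUTATING_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})
# Header names whose values must never reach the audit log.
SENSITIVE_HEADERS = frozenset({"authorization", "cookie", "x-api-key"})


@dataclass(frozen=True)
class ToolPolicy:
    allowed_hosts: frozenset         # exact hostnames the agent may call
    allowed_methods: frozenset       # HTTP methods the agent may use
    allowed_path_prefixes: tuple     # normalised URL paths the agent may touch
    approval_for_mutations: bool = True
    max_body_bytes: int = 4096


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    needs_approval: bool = False


# Constructed sample policy: a single ticketing API, read plus limited writes.
TICKET_API_POLICY = ToolPolicy(
    allowed_hosts=frozenset({"api.example.com"}),
    allowed_methods=frozenset({"GET", "POST", "DELETE"}),
    allowed_path_prefixes=("/v1/tickets",),
)


def evaluate_tool_call(call, policy, approved=False):
    """Decide whether an agent-proposed HTTP call may leave the sandbox.

    Every field of `call` is treated as untrusted: a prompt injection can
    shape the method, the URL (including userinfo tricks and `..` segments)
    and the body just as easily as the visible intent.
    """
    method = str(call.get("method", "")).upper()
    parts = urlsplit(str(call.get("url", "")))
    path = posixpath.normpath(parts.path or "/")     # fold "/a/../b" before matching
    if parts.scheme != "https":
        return Decision(False, f"scheme {parts.scheme!r} not allowed")
    if parts.hostname not in policy.allowed_hosts:   # hostname ignores user@ prefixes
        return Decision(False, f"host {parts.hostname!r} not on allowlist")
    if method not in policy.allowed_methods:
        return Decision(False, f"method {method!r} not allowed")
    if not any(path == p or path.startswith(p.rstrip("/") + "/")
               for p in policy.allowed_path_prefixes):
        return Decision(False, f"path {path!r} outside allowed prefixes")
    body = call.get("body")
    body_size = len(json.dumps(body).encode()) if body is not None else 0
    if body_size > policy.max_body_bytes:
        return Decision(False, f"body of {body_size} bytes exceeds limit")
    if method in MUTATING_METHODS and policy.approval_for_mutations and not approved:
        return Decision(False, "mutating call held for approval", needs_approval=True)
    return Decision(True, "allowed")


def audit_record(call, decision):
    """Build the log entry emitted for every decision, with secrets redacted."""
    parts = urlsplit(str(call.get("url", "")))
    headers = {k: ("[REDACTED]" if k.lower() in SENSITIVE_HEADERS else v)
               for k, v in dict(call.get("headers", {})).items()}
    return {
        "method": str(call.get("method", "")).upper(),
        "host": parts.hostname,
        "path": parts.path,
        "headers": headers,
        "allowed": decision.allowed,
        "needs_approval": decision.needs_approval,
        "reason": decision.reason,
    }


if __name__ == "__main__":
    proposed = {"method": "DELETE", "url": "https://api.example.com/v1/tickets/42",
                "headers": {"Authorization": "Bearer example-token"}}
    decision = evaluate_tool_call(proposed, TICKET_API_POLICY)
    print(json.dumps(audit_record(proposed, decision), indent=2))
```

The ordering matters: scheme, host, method and path are checked before any body inspection, so the cheapest, most decisive rejections come first, and a DELETE that passes every static check still comes back as `needs_approval` rather than `allowed`. Because the audit record is produced for denials as well as allows, a burst of denied calls to unexpected hosts becomes a detectable signal instead of a silent failure.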

L7 · Agent Ecosystem [⚠ not certain from listing]

Not certain from the listing — It is unclear if WorkGPT supports multi-agent orchestration or marketplace integrations. If deployed in a multi-agent setup, threats include cascading failures and unauthorized agent-to-agent API invocations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.