
AgentCard — agentic threat model

AIVSS 5.4 · Medium

AgentCard acts as a highly sensitive financial enablement tool for AI agents, introducing significant real-world financial risk that is heavily mitigated by strict human-in-the-loop approvals, single-use constraints, and Stripe-backed infrastructure.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.42
Factor sum: 2.8/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.6

Check: AARS = (10 − 8.5) × (2.8/10) × 1.0 = 0.42; AIVSS = (8.5 + 0.42) × 0.6 = 5.35, shown as 5.4.

Agentic risk factors (each weighted 0–1; the sum of the ten weights is the factor sum above):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.70
Persistent Memory: 0.20
Contextual Awareness: 0.30
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.20
Non-Determinism: 0.10
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
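The calculation above, carried through in code so the inputs can be varied. This is an added example, not AgentReady's listing code or the OWASP AIVSS calculator itself: the formula, the CVSS base of 8.5, the ×1.0 threat multiplier, the ×0.6 mitigation factor and the ten factor weights are taken from this page, while the severity bands are an assumption borrowed from the CVSS v3 qualitative scale (Low < 4.0, Medium < 7.0, High < 9.0, else Critical). The `aivss()` call without a mitigation factor shows what the human-in-the-loop and single-use controls are worth in score terms.

```python
"""Worked AIVSS calculation for the score shown on this listing.

Added example (not AgentReady's or the OWASP AIVSS calculator's own code).
The formula and the AgentCard inputs are taken from the page; the severity
bands are an assumption, taken from the CVSS v3 qualitative rating scale.
"""

# Agentic risk factor weights for AgentCard, as listed on the page (each in [0, 1]).
AGENTCARD_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.80,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.10,
    "Opacity & Reflexivity": 0.20,
}


def aars(cvss_base: float, factors: dict, threat_multiplier: float = 1.0) -> float:
    """Agentic AI Risk Score uplift: (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The (10 - CVSS_Base) term bounds the uplift so CVSS_Base + AARS cannot exceed 10
    when ThM is 1.0 and every factor is at its maximum.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    for name, weight in factors.items():
        if not 0.0 <= weight <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1], got {weight}")
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict, mitigation_factor: float = 1.0,
          threat_multiplier: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, clamped to 10 and rounded to one decimal."""
    if not 0.0 < mitigation_factor <= 1.0:
        raise ValueError("mitigation factor must be in (0, 1]")
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(raw, 10.0), 1)


def severity(score: float) -> str:
    """Qualitative band. Assumed to follow the CVSS v3 thresholds (not stated on the page)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def agentcard_score() -> float:
    """AgentCard as listed: CVSS base 8.5, threat x1.0, mitigation x0.6."""
    return aivss(8.5, AGENTCARD_FACTORS, mitigation_factor=0.6, threat_multiplier=1.0)


if __name__ == "__main__":
    uplift = aars(8.5, AGENTCARD_FACTORS)
    print(f"AARS uplift: {uplift:.2f}")  # 0.42
    mitigated = agentcard_score()
    print(f"AIVSS with mitigation x0.6: {mitigated} ({severity(mitigated)})")  # 5.4 (Medium)
    # Same inputs with no mitigation credit: what the listed controls buy.
    unmitigated = aivss(8.5, AGENTCARD_FACTORS)
    print(f"AIVSS without mitigation:   {unmitigated} ({severity(unmitigated)})")  # 8.9 (High)
```

Note that the mitigation factor is the single largest lever in this score: the same capability profile moves from High to Medium purely on the strength of the approval and single-use controls, which is why the L5 and L6 layers below deserve the closest review.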

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" are general, caveated commentary for layers the public description did not pin down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing: AgentCard is an MCP server/tool rather than a foundation model itself. However, if the calling LLM is manipulated via prompt injection, it could be steered into requesting cards the user never asked for or into presenting a spoofed checkout amount for approval. The per-request human approval (see L5 and L6) is the control that stands between an injected instruction and an issued card, so the approval prompt must show the actual amount and merchant rather than text the model supplies.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing: the tool handles transaction data and cardholder details rather than RAG or vector stores. Risks include exposure of Stripe API keys, transaction logs, or cardholder metadata in transit or at rest, on the host running the CLI or MCP server as well as in the backend.

L3 · Agent Frameworks (✓ mapped)

Integrates directly as an MCP server with frameworks such as Claude Code, Cursor, and Windsurf. Risks include insecure tool binding, where a compromised agent framework bypasses local validation or issues card-generation requests the user did not intend; in practice any process able to reach the MCP server holds the card-issuing capability, so the server's listening surface and credentials need the same protection as the Stripe key itself.

L4 · Deployment & Infrastructure (✓ mapped)

Deployed via CLI, REST API, and Chrome extension, backed by Stripe Issuing. Risks include compromise of the REST API endpoints, theft of credentials stored by the local CLI, or a malicious Chrome extension update injecting fake checkout fields to capture card details.

L5 · Evaluation & Observability (✓ mapped)

Provides push/email notifications for human-in-the-loop approvals. Risks include notification fatigue leading to reflexive approvals, and the lack of a centralized audit log that correlates card usage across multiple agents, without which a fan-out of many small requests from sub-agents is hard to spot.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Enforces strict security controls: human-in-the-loop approvals, scoped spending limits, single-use cards, and 7-day auto-expiry. Compliance alignment with PCI-DSS is inherited via Stripe Issuing. That inheritance covers the card data Stripe itself processes; the MCP server, CLI, and extension that request cards and handle their details remain in the operator's own scope.

L7 · Agent Ecosystem (✓ mapped)

Acts as a financial enablement layer for the broader agent ecosystem. Risks include cascading financial loss if a compromised orchestrator agent programmatically requests cards through multiple sub-agents, so that each card stays within its single-use and spending limits while the aggregate across the agent tree does not.
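The fan-out pattern described under L5 and L7 is only visible when card requests are aggregated by the orchestrator that ultimately initiated them, not by the sub-agent that made each call. The following is an added example of that correlation, not AgentCard's own audit or approval code (the listing does not describe its logging). The event schema, the parent/child agent map, the 10-minute window, the per-card cap of 5,000 cents and the sample events are all constructed for the example.

```python
"""Correlate card-issuance requests across an agent tree to catch fan-out.

Added example, not AgentCard's code. Event schema, agent parentage, window
and thresholds are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed parentage map: child agent -> parent agent (None for a root).
PARENTS = {
    "orch-1": None,
    "sub-a": "orch-1",
    "sub-b": "orch-1",
    "sub-c": "orch-1",
    "solo": None,
}

# Constructed card requests: (timestamp, requesting agent, amount in cents, merchant).
# Each request is individually under the per-card cap; together they are not.
REQUESTS = [
    ("2024-05-01T10:00:00", "sub-a", 4500, "vendor-x"),
    ("2024-05-01T10:00:30", "sub-b", 4800, "vendor-x"),
    ("2024-05-01T10:01:10", "sub-c", 4700, "vendor-x"),
    ("2024-05-01T12:00:00", "solo", 2000, "vendor-y"),
]


def root_of(agent: str, parents: dict) -> str:
    """Walk up the parentage map to the orchestrator that owns this agent."""
    seen = set()
    while parents.get(agent) is not None:
        if agent in seen:  # defensive: a cycle in the map would otherwise loop forever
            raise ValueError(f"cycle in agent parentage at {agent!r}")
        seen.add(agent)
        agent = parents[agent]
    return agent


def find_fanout(requests, parents, per_card_limit_cents: int = 5000,
                window: timedelta = timedelta(minutes=10),
                max_cards_per_window: int = 2):
    """Flag orchestrators whose sub-agents collectively exceed the per-card cap,
    or request more cards than allowed, inside a sliding time window.

    Returns one finding per flagged root, describing the worst window seen.
    """
    by_root = defaultdict(list)
    for ts, agent, amount, merchant in requests:
        by_root[root_of(agent, parents)].append(
            (datetime.fromisoformat(ts), agent, amount, merchant))

    findings = []
    for root, reqs in by_root.items():
        reqs.sort()  # by timestamp, then agent name
        worst = None
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it fits within `window`.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            win = reqs[start:end + 1]
            total = sum(r[2] for r in win)
            if len(win) > max_cards_per_window or total > per_card_limit_cents:
                if worst is None or total > worst["total_cents"]:
                    worst = {
                        "root": root,
                        "cards": len(win),
                        "total_cents": total,
                        "agents": sorted({r[1] for r in win}),
                        "merchants": sorted({r[3] for r in win}),
                        "window_start": win[0][0].isoformat(),
                    }
        if worst is not None:
            findings.append(worst)
    return findings


if __name__ == "__main__":
    for f in find_fanout(REQUESTS, PARENTS):
        print(f"{f['root']}: {f['cards']} cards totalling {f['total_cents']} cents "
              f"via {f['agents']} at {f['merchants']} from {f['window_start']}")
```

With the constructed events, `orch-1` is flagged for three cards totalling 14,000 cents at one merchant within seventy seconds, even though every individual card respected a 5,000-cent cap; `solo` is not flagged. The practical consequence for an approval workflow is that the approver should see the orchestrator-level running total alongside each request, not just the amount on the card in front of them.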

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).