AgentLint — agentic threat model
AgentLint is a low-risk repository linter packaged as a Claude Code plugin; its primary security boundary lies in the host environment, with the main threat being prompt injection or malicious repository files exploiting the scanner during execution.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.30 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.20 |
| Opacity & Reflexivity | 0.10 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — relies on the host model (Claude Code) for execution. If the underlying model is vulnerable to indirect prompt injection via repository files being scanned, the agent's execution context could be hijacked.
Layer 2 (Data Operations): Not certain from the listing — reads local repository files (structure, docs, tooling configurations). Threats include path traversal or reading sensitive files (such as local .env files) if the scanning scope is not strictly bounded.
Layer 3 (Agent Frameworks): Integrates directly as a Claude Code plugin with custom commands. Vulnerabilities in the plugin's command parsing or execution logic could allow malicious repositories to trigger unintended tool behaviors or command execution.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — runs locally within the user's development environment or CI/CD pipeline. It inherits the host system's permissions, meaning a compromise of the plugin could lead to local file access or privilege escalation.
Layer 5 (Evaluation & Observability): While the tool itself is an evaluation utility for agent-readiness, it lacks built-in self-observability, logging, or guardrails to detect whether its own scanning logic has been manipulated or bypassed by a malicious repository structure.
Layer 6 (Security & Compliance): Not certain from the listing — as a free, open-source tool, there are no mentioned compliance certifications (e.g., SOC2) or built-in access controls. Security relies entirely on the user's local environment and Claude Code's native permissions.
Layer 7 (Agent Ecosystem): Designed to prepare repositories for other AI agents. If AgentLint is compromised or manipulated into emitting false-positive readiness reports, downstream developer agents could attempt operations on unsafe or misconfigured repositories, causing cascading failures.
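The Data Operations and Agent Frameworks notes above both hinge on the scanner's read scope being strictly bounded. The following is an added illustration of such a guard, written for this page and not taken from AgentLint: it resolves every candidate path against the repository root, rejects anything that escapes the root (via `../` or a symlink) and skips a constructed, hypothetical deny-list of secret-bearing files before any content is read.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional

# Constructed deny-list for files that commonly hold credentials (hypothetical policy).
SENSITIVE_NAMES = {".env", ".npmrc", ".netrc", "id_rsa", "id_ed25519"}
SENSITIVE_DIRS = {".git", ".ssh"}

def in_scope(root: Path, candidate: str) -> Optional[Path]:
    """Resolve candidate under root; None if it escapes root (via ../ or a symlink)."""
    target = (root / candidate).resolve()
    return target if target == root or root in target.parents else None

def is_sensitive(root: Path, target: Path) -> bool:
    """True for secret-bearing names or anything inside a sensitive directory."""
    rel = target.relative_to(root)
    return (rel.name in SENSITIVE_NAMES or rel.name.startswith(".env.")
            or any(part in SENSITIVE_DIRS for part in rel.parts[:-1]))

def scannable_files(repo_root: Path, candidates: list) -> tuple:
    """Split candidates into repo-relative paths safe to read and rejection reasons."""
    root = repo_root.resolve(strict=True)  # the only trust anchor for the scan
    allowed, rejected = [], []
    for c in candidates:
        target = in_scope(root, c)
        if target is None:
            rejected.append(f"{c}: resolves outside repository root")
        elif is_sensitive(root, target):
            rejected.append(f"{c}: sensitive file, not read")
        elif target.is_file():
            allowed.append(target.relative_to(root).as_posix())
    return allowed, rejected

def demo() -> tuple:
    """Run the guard over a constructed sample repository in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside_secret.txt"
        outside.write_text("constructed: must never be read by the scanner")
        repo = Path(tmp) / "repo"
        (repo / "docs").mkdir(parents=True)
        (repo / "README.md").write_text("# constructed demo repo")
        (repo / "docs" / "guide.md").write_text("constructed docs")
        (repo / ".env").write_text("TOKEN=constructed")
        # A symlink inside the repo that points outside it: resolved, then rejected.
        os.symlink(outside, repo / "docs" / "escape.md")
        return scannable_files(repo, ["README.md", "docs/guide.md", ".env",
                                      "docs/escape.md", "../outside_secret.txt"])
```

Only `README.md` and `docs/guide.md` survive; the `.env` file, the symlink escape and the `../` traversal are each recorded as rejections so the scan log shows what was deliberately not read.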
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).