Agentman — agentic threat model
Agentman presents a high-risk profile due to its multi-agent orchestration capabilities, cross-session state persistence, and integration with sensitive domains like healthcare and legal. However, this risk is heavily mitigated by robust governance features, including human-in-the-loop controls, role-based permissions, and compliance alignments (HIPAA, SOC 2).
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.90 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.80 |
| Persistent Memory | 0.80 |
| Contextual Awareness | 0.80 |
| Dynamic Identity | 0.50 |
| Multi-Agent Interactions | 0.90 |
| Non-Determinism | 0.70 |
| Opacity & Reflexivity | 0.60 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Runs on external foundation models (Claude, ChatGPT, Cursor, Claude Code). Threats include adversarial prompt injection bypassing SKILL.md constraints, model-side data leakage, and model misalignment affecting downstream execution.
Layer 2, Data Operations: Manages cross-session state, versioned SKILL.md files, and confidentiality walls. Threats include unauthorized cross-session state access, poisoning of shared SKILL.md files, and exfiltration of sensitive healthcare/legal data.
Layer 3, Agent Frameworks: Orchestrates complex workflows via an agent harness and executes tools over MCP. Threats include insecure tool integration via MCP, logic bypasses in SKILL.md execution, and state corruption during failed step resumption.
Layer 4, Deployment and Infrastructure: Not certain from the listing — details on hosting, containerization, or MCP endpoint sandboxing are not fully specified, though SOC 2 and ISO 27001 compliance are claimed.
Layer 5, Evaluation and Observability: Provides exportable audit trails and draft-review-publish workflows. Threats include logging gaps in long-running harnesses and blind spots in monitoring third-party MCP tool executions.
Layer 6, Security and Compliance: Features robust governance including RBAC, confidentiality walls, human-in-the-loop (HITL) controls, and HIPAA/ISO 27001/SOC 2 alignment. Threats include misconfigured RBAC, bypass or failure of HITL controls, and compliance drift in healthcare/legal contexts.
Layer 7, Agent Ecosystem: Orchestrates hundreds of agents and offers a curated library of 87+ cloneable skills. Threats include rogue or compromised skills in the library, cascading failures across orchestrated agents, and agent-to-agent (A2A) trust abuse within the harness.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).