AGRIVI Engage — agentic threat model
AGRIVI Engage acts as a white-labeled agronomic advisor on public messaging channels (WhatsApp, Viber) with the ability to route leads and book meetings. Its primary risks stem from indirect prompt injection via user chat that could lead to malicious agricultural advice, proprietary knowledge exfiltration, or CRM/booking tool abuse.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
|---|---|---|
| Autonomy of Action | 0.60 | |
| Goal-Driven Planning | 0.40 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.50 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.60 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Entries tagged “Not certain from the listing” are general, caveated commentary for layers the public description did not address.
Layer 1, Foundation Models: Not certain from the listing — likely utilizes commercial LLMs optimized for agronomic Q&A. Main threats include prompt injection to bypass brand alignment or generate harmful agricultural recommendations.
Layer 2, Data Operations: Utilizes a proprietary, verified agronomy knowledge base to serve RAG queries. Threats include unauthorized extraction of this proprietary IP or poisoning of the vector database/knowledge source.
Layer 3, Agent Frameworks: Orchestrates user intent recognition, lead routing, and meeting booking. Vulnerable to indirect prompt injection via chat inputs that manipulate the agent into executing unauthorized tool calls (e.g., spamming sales reps with fake meetings).
Layer 4, Deployment and Infrastructure: Not certain from the listing — likely hosted as a SaaS solution integrated with WhatsApp/Viber webhooks. Threats include insecure webhook endpoints, API key exposure, and insufficient tenant isolation in white-label deployments.
Layer 5, Evaluation and Observability: Not certain from the listing — while it claims to secure advice quality through verified knowledge, there is no explicit mention of real-time guardrails or automated monitoring for adversarial inputs.
Layer 6, Security and Compliance: Not certain from the listing — handling farmer profiles and contact details via messaging apps requires strict compliance with data privacy regulations (e.g., GDPR), but specific compliance certifications are not detailed.
Layer 7, Agent Ecosystem: Integrates directly with external sales channels, ag retail, e-commerce, and calendar booking systems. Threats include trust abuse where compromised downstream CRM/booking APIs are exploited via the agent.
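The Agent Frameworks threat above (chat text steering the agent into unauthorized lead-routing or booking calls) is the kind of risk that a deterministic policy gate between the model and the tools mitigates. The block below is an added example, not AGRIVI's code: it assumes the model emits tool calls as `{"name": ..., "arguments": {...}}` dicts and that the messaging layer supplies the verified sender id of the conversation; the tool names `route_lead` and `book_meeting`, the hourly limits and the argument keys are hypothetical. The gate allow-lists tools, pins the contact argument to the verified sender (so injected text cannot redirect actions at third parties), requires an explicit user confirmation before booking, and rate-limits each tool per conversation.

```python
"""Tool-call policy gate for a chat-channel advisor agent (added example).

Assumptions: tool calls arrive as {"name": str, "arguments": dict}; the
channel layer gives us the verified sender id (e.g. the number the webhook
delivered the message from). Tool names, limits and argument keys are
hypothetical, not AGRIVI's.
"""
from dataclasses import dataclass, field

ALLOWED_TOOLS = {"route_lead", "book_meeting"}
HOURLY_LIMITS = {"book_meeting": 1, "route_lead": 2}
WINDOW_SECONDS = 3600


class PolicyViolation(Exception):
    """Raised when a tool call is refused; the agent answers without acting."""


@dataclass
class Conversation:
    sender_id: str                      # verified by the channel, never parsed from chat text
    confirmed_booking: bool = False     # set only when the user's own message confirms a slot
    history: list = field(default_factory=list)   # (tool_name, timestamp) of executed calls


def _calls_in_window(conv: Conversation, tool: str, now: float) -> int:
    return sum(1 for name, ts in conv.history if name == tool and now - ts < WINDOW_SECONDS)


def authorize_tool_call(conv: Conversation, call: dict, now: float) -> str:
    """Return the tool name if the call may execute, otherwise raise PolicyViolation."""
    name = call.get("name")
    args = call.get("arguments") or {}
    if name not in ALLOWED_TOOLS:
        raise PolicyViolation(f"tool not allow-listed: {name!r}")
    # Any lead or meeting is created for the conversation's own verified sender only.
    if args.get("contact") != conv.sender_id:
        raise PolicyViolation("contact does not match verified sender")
    if name == "book_meeting" and not conv.confirmed_booking:
        raise PolicyViolation("booking requires explicit user confirmation")
    if _calls_in_window(conv, name, now) >= HOURLY_LIMITS[name]:
        raise PolicyViolation(f"rate limit reached for {name}")
    conv.history.append((name, now))
    return name


def run_scenario() -> dict:
    """Constructed scenario: the model, steered by text in the chat, emits a burst
    of tool calls, one of them aimed at an unrelated contact and one at a tool
    the agent is not supposed to have."""
    conv = Conversation(sender_id="+000000000001")  # constructed sample id
    attempted = [
        {"name": "book_meeting", "arguments": {"contact": "rep@example.invalid", "slot": "09:00"}},
        {"name": "book_meeting", "arguments": {"contact": "+000000000001", "slot": "09:00"}},
        {"name": "route_lead", "arguments": {"contact": "+000000000001", "crop": "maize"}},
        {"name": "route_lead", "arguments": {"contact": "+000000000001", "crop": "maize"}},
        {"name": "route_lead", "arguments": {"contact": "+000000000001", "crop": "maize"}},
        {"name": "delete_knowledge_base", "arguments": {}},
    ]
    outcome = {"executed": [], "refused": []}
    t = 1_000_000.0
    for i, call in enumerate(attempted):
        try:
            outcome["executed"].append(authorize_tool_call(conv, call, now=t + i))
        except PolicyViolation as exc:
            outcome["refused"].append(str(exc))
    # Later the user confirms the slot in their own message; one booking is now allowed.
    conv.confirmed_booking = True
    try:
        outcome["executed"].append(authorize_tool_call(conv, attempted[1], now=t + 10))
    except PolicyViolation as exc:
        outcome["refused"].append(str(exc))
    return outcome


if __name__ == "__main__":
    print(run_scenario())
```

The gate is deliberately independent of the model: it reads only the verified sender id, the conversation's confirmation flag and the call history, so no wording in the chat can change its decision. Refusals are the signal to log and alert on, since a burst of them from one conversation is the observable trace of an injection attempt against the booking or routing tools.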
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).