
AskPandi — agentic threat model

AIVSS 6.6 · Medium

AskPandi is a search and content curation agent with low agentic risk, primarily acting as an information aggregator. Its main security exposures involve search result poisoning and potential data privacy risks related to personalized user profiles and shared wiki content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 5.3
AARS uplift: 1.32
Factor sum: 2.8 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on third-party foundation models for query parsing and content summarization. Threats include prompt injection via malicious search results and model alignment bypasses during content generation.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — processes real-time search data from external sources and stores user preferences for the discovery feed. Threats include data poisoning from untrusted web sources and unauthorized access to personalized user search profiles.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — orchestrates search queries and formats outputs for Pandipedia. Threats include insecure tool integration with search APIs and manipulation of query generation logic via indirect prompt injection.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted as a closed-source web application. Threats include standard web application vulnerabilities, lack of network isolation when fetching external search results, and insecure API key storage.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no mention of output filtering or guardrails for generated content. Threats include a lack of observability into poisoned search inputs and the propagation of misinformation to Pandipedia.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — no details on user authentication, data retention policies for search history, or compliance with privacy regulations like GDPR. Threats include unauthorized access to user accounts and data leakage.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — interacts with a shared repository (Pandipedia) but does not explicitly collaborate with other autonomous agents. Threats are limited to downstream content pollution affecting other users of the platform.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).