AgentReadyHomeAgent Listing

← ASPR Sales Analyst AI

ASPR Sales Analyst AI — agentic threat model

8.7AIVSS 8.7 · High

ASPR Sales Analyst AI presents a moderate-to-high risk profile due to its direct integration with sensitive CRM systems, email drafting capabilities, and ingestion of proprietary sales data. A compromise could lead to unauthorized data exfiltration of customer records or integrity issues via automated CRM updates.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.23Factor sum 4.9/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.70
Persistent Memory
0.60
Contextual Awareness
0.80
Dynamic Identity
0.40
Multi-Agent Interactions
0.20
Non-Determinism
0.50
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific foundation models powering ASPR are not disclosed. Standard LLM risks apply, including prompt injection that could alter email drafts or CRM update payloads, and potential data leakage of training/fine-tuning data if proprietary models are used.

L2 · Data Operations✓ mapped

ASPR ingests highly sensitive data including CRM records, meeting transcripts, sales playbooks, and ex-employee deal data. This creates a high-value target for data exfiltration, embedding inversion, and knowledge-base poisoning, which could corrupt coaching insights or leak proprietary sales strategies.

L3 · Agent Frameworks✓ mapped

The agent framework orchestrates CRM updates, document creation, and email drafting. Vulnerabilities here include tool misuse (e.g., unauthorized CRM writes or malicious email generation via prompt injection) and memory poisoning from malicious transcripts or external documents.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting infrastructure, network isolation, sandboxing of document generation processes, and secret management for CRM/email API keys are not detailed in the public directory.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails, LLM firewalls, or observability logging to detect anomalous CRM writes or malicious email drafts before they are presented to the user.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Compliance certifications (such as SOC 2, GDPR, or ISO 27001) and specific identity/access management controls governing which sales reps can access ex-employee deal data are not specified.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — While the agent interacts with external ecosystems (CRMs, email clients), it is unclear if it coordinates with other autonomous agents or operates within a multi-agent marketplace.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).