AtsPass — agentic threat model
AtsPass is a low-risk, analysis-focused tool with minimal agentic autonomy. Its primary security risks are limited to exposure of the candidate PII contained in uploaded resumes and prompt injection attempts designed to manipulate compatibility scores.
OWASP AIVSS score rationale
| Agentic risk factor | Value |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.30 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models). Not certain from the listing — likely utilizes commercial LLMs to analyze resume text and generate feedback. The primary threat is indirect prompt injection, where a user embeds hidden instructions in a resume to force a high compatibility score or bypass analysis filters.
Layer 2 (Data Operations). Not certain from the listing — processes highly sensitive personally identifiable information (PII) from uploaded resumes. Risks include insecure storage of documents, lack of data retention policies, and potential data leakage if inputs are used to train downstream models.
Layer 3 (Agent Frameworks). Not certain from the listing — likely uses a basic pipeline to parse files and query LLMs rather than a complex agentic framework. Tool misuse risks are low as the agent does not execute external actions or call APIs on behalf of the user.
Layer 4 (Deployment and Infrastructure). Not certain from the listing — hosted as a closed-source SaaS. The primary infrastructure threat is insecure file upload handling, where malicious PDF or DOCX files could exploit vulnerabilities in the resume parsing libraries or host container.
Layer 5 (Evaluation and Observability). Not certain from the listing — requires observability to detect anomalous inputs (such as excessively long resumes or hidden text) and to monitor for drift in scoring consistency across different resume formats.
Layer 6 (Security and Compliance). Not certain from the listing — must adhere to strict data privacy regulations (GDPR, CCPA) due to processing job seeker PII. No security certifications or compliance audits are mentioned in the public directory listing.
Layer 7 (Agent Ecosystem). AtsPass operates as a standalone, single-agent utility with no multi-agent collaboration, external marketplace integrations, or ecosystem dependencies, resulting in negligible ecosystem-level threats.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).