
Auxi — agentic threat model

AIVSS 9.3 · Critical

Auxi presents a high-risk profile due to its deep integration into enterprise communication channels (Slack, Teams) and access to sensitive HR systems and internal wikis, making it a prime target for prompt injection and unauthorized data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.8
Factor sum: 5.1/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action          0.60
Goal-Driven Planning        0.50
Self-Modification           0.10
Dynamic Tool Use            0.80
Persistent Memory           0.40
Contextual Awareness        0.70
Dynamic Identity            0.60
Multi-Agent Interactions    0.20
Non-Determinism             0.60
Opacity & Reflexivity       0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
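The score rationale above, carried through in code as an added example (not code from the listing or from the AIVSS calculator): it reproduces Auxi's factor sum, AARS uplift and final AIVSS from the listing's inputs, and validates the inputs the way a reviewer would before trusting a score. The qualitative bands in severity() are assumed to follow the CVSS qualitative scale; the listing does not state its banding.

```python
# Added example: the OWASP AIVSS formula from the listing, carried through with
# Auxi's factor values. Not code from the listing or from the AIVSS calculator.

# Ten agentic risk factors, each scored 0.0-1.0 (values from the listing).
AUXI_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.60,
}


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) for
    AIVSS = (CVSS_Base + AARS) x Mitigation_Factor,
    AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten agentic factors, each in [0, 1]")
    factor_sum = sum(factors.values())
    # AARS scales the headroom left above the CVSS base (10 - base), so a high
    # base leaves little room for agentic uplift; here 1.5 x 0.51 x 1.05.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    return round(factor_sum, 2), round(aars, 2), round(score, 1)


def severity(score):
    """Qualitative band. Assumed to follow the CVSS scale (not stated by the listing)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


if __name__ == "__main__":
    fs, uplift, score = aivss(8.5, AUXI_FACTORS, threat_multiplier=1.05)
    print(f"factor sum {fs}/10, AARS uplift {uplift}, AIVSS {score} · {severity(score)}")
```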

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on third-party commercial foundation models. Main threats include prompt injection to bypass HR policy guardrails and potential leakage of sensitive employee PII through model outputs.

L2 · Data Operations (✓ mapped)

Ingests 'Existing Wiki' data and connects to HR databases. Highly vulnerable to RAG data poisoning (e.g., an attacker editing a wiki page to inject malicious instructions) and unauthorized data exfiltration of sensitive corporate knowledge.

L3 · Agent Frameworks (✓ mapped)

Orchestrates workflows across '100s of pre-built integrations'. Insecure tool calling is a major threat, where a manipulated user query could trigger unauthorized actions (e.g., modifying employee records or triggering external API calls) without proper validation.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — presumably hosted as a multi-tenant SaaS platform. Key threats include insecure storage of API credentials for the 100s of integrated apps and potential tenant isolation failures.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no mention of built-in guardrails, audit logging, or drift monitoring. Lack of observability could allow stealthy prompt injection attacks or data harvesting to go unnoticed.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Handles HR and employee self-service, demanding strict access control. The primary threat is privilege escalation, where the agent fails to properly map Slack/Teams user identities to their corresponding HR database permissions, leaking restricted data.

L7 · Agent Ecosystem (✓ mapped)

Integrates directly with Slack, Teams, and numerous third-party apps. This creates a large attack surface where a compromise in a connected third-party tool could cascade into Auxi, or Auxi could be used as a vector to attack other enterprise systems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).