
Avoca — agentic threat model

AIVSS 6.6 · Medium

Avoca presents a moderate risk profile typical of customer-facing conversational agents, where the primary exposures are prompt injection, potential leakage of customer PII, and reputational damage from unmoderated LLM outputs.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 5.3
AARS uplift: 1.32
Factor sum: 2.8 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0–1.0):

Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not establish the details of that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on commercial foundation models to generate customer service responses. Primary threats include prompt injection (allowing users to hijack the bot's behavior) and model hallucinations that could provide inaccurate business information.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely processes customer communication history and business FAQs. Threats include leakage of customer PII through conversational outputs and potential data poisoning if public-facing inputs are ingested into a RAG knowledge base without sanitization.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — likely uses a conversational orchestration framework to manage dialogue state. Threats include insecure tool integration if the agent is connected to booking systems or CRMs, allowing unauthorized state changes via natural language commands.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — presumably deployed as a cloud-hosted SaaS platform. Standard web application threats apply, including insecure API endpoints, lack of tenant isolation, and potential exposure of communication channel credentials (e.g., SMS/email API keys).

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no monitoring, logging, or guardrail mechanisms are detailed. A lack of real-time output filtering could allow toxic, off-brand, or malicious responses to reach customers undetected.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — no security certifications (such as SOC2) or compliance frameworks (such as GDPR/CCPA for customer data) are mentioned. Access control policies for managing business-side configurations are unspecified.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — there is no indication of multi-agent coordination or marketplace integrations. Risks are limited to standard third-party communication API dependencies (e.g., Twilio, email gateways).

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).