
Bob — agentic threat model

AIVSS 9.4 · Critical

Bob is a highly autonomous developer agent built on the gptme architecture, capable of executing shell commands and modifying local codebases. This introduces significant risk of arbitrary code execution and local system compromise if the agent is fed malicious prompts or untrusted code repositories.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 0.93
Factor sum: 6.2 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factor          Weight
Autonomy of Action           0.80
Goal-Driven Planning         0.80
Self-Modification            0.70
Dynamic Tool Use             0.90
Persistent Memory            0.50
Contextual Awareness         0.80
Dynamic Identity             0.20
Multi-Agent Interactions     0.20
Non-Determinism              0.70
Opacity & Reflexivity        0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Bob is built on the gptme architecture which typically interfaces with external LLMs (like OpenAI or local models). Threats include prompt injection leading to unauthorized command execution and model alignment bypasses.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — As a programming agent, Bob interacts directly with local files and code repositories. The primary threat is data exfiltration of sensitive source code or credentials stored in the workspace.

L3 · Agent Frameworks (✓ mapped)

Bob uses the gptme agent framework, which orchestrates planning, memory, and tool execution (shell, python, file editing). The primary threat is tool misuse, where malicious instructions cause the framework to execute destructive shell commands.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — Bob runs locally on the user's machine or container. Without explicit sandboxing, a compromise allows full local privilege escalation, host system access, and lateral network movement.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in guardrails, real-time monitoring, or logging mechanisms to detect anomalous command execution or malicious file modifications.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — As an open-source developer tool, Bob lacks enterprise-grade access controls, identity management, or compliance auditing out of the box.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — While designed to pioneer an architecture for future agents to fork from, Bob operates primarily as a standalone digital worker with no explicit multi-agent coordination or marketplace threats detailed.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).