
BuildShip — agentic threat model

AIVSS 9.4 · Critical

BuildShip presents a high agentic risk profile due to its ability to generate and execute custom backend code and integrate with arbitrary external APIs. The primary threat vector is the potential for prompt injection or model manipulation to generate malicious code that executes within its hosting environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.91
Factor sum: 5.8/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.70
Goal-Driven Planning: 0.60
Self-Modification: 0.40
Dynamic Tool Use: 0.90
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.40
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
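The arithmetic behind the score above, as an added worked example that is not part of the listing: it recomputes AARS and AIVSS from the published CVSS base, factor table, ThM and mitigation factor, and validates the factor table first. The qualitative severity bands are an assumption (CVSS-style thresholds, 9.0 and up being Critical); the page itself only states "9.4 · Critical".

```python
# Added worked example (not from the listing): recomputes this page's AIVSS
# score from its published inputs, using the formula quoted above:
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor

# Agentic risk factor weights exactly as given in this listing.
BUILDSHIP_FACTORS: dict[str, float] = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.50,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors: dict[str, float]) -> float:
    """Sum the ten factors, rejecting a malformed table (wrong count or weight)."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, weight in factors.items():
        if not 0.0 <= weight <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {weight}")
    return sum(factors.values())


def aivss(cvss_base: float, factors: dict[str, float],
          threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> tuple[float, float, float]:
    """Return (factor_sum, AARS, AIVSS) unrounded. AARS scales only the headroom
    above the CVSS base (10 - CVSS_Base), so the uplift is bounded by that
    headroom times ThM; the mitigation factor then scales the combined score."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be within 0..10")
    fsum = factor_sum(factors)
    aars = (10.0 - cvss_base) * (fsum / 10.0) * threat_multiplier
    return fsum, aars, (cvss_base + aars) * mitigation_factor


def severity(score: float) -> str:
    """Qualitative band; thresholds assumed CVSS-style (9.0 and up is Critical)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"
```

Running `aivss(8.5, BUILDSHIP_FACTORS, threat_multiplier=1.05)` gives a factor sum of 5.8, an AARS of about 0.91 and an AIVSS of about 9.41, matching the listing once rounded.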

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

BuildShip utilizes foundation models to translate natural language into backend logic and code. This introduces risks of prompt injection leading to insecure code generation, or adversarial manipulation of the workflow logic.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The listing does not specify how BuildShip manages training data, vector stores, or internal RAG architectures, though it connects to external databases and APIs.

L3 · Agent Frameworks · ✓ mapped

As an orchestration framework, BuildShip allows users to create custom flow nodes and execute code. Vulnerabilities include insecure tool integration, arbitrary code execution via generated nodes, and tool misuse within automated workflows.

L4 · Deployment & Infrastructure · ✓ mapped

BuildShip hosts backend APIs and workflows, meaning it must manage secrets (API keys) and execute user-defined code. This poses severe risks of container escape, privilege escalation, and lateral movement if the execution environment is not strictly sandboxed.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no explicit mention of built-in evaluation, guardrails, or logging/monitoring features to detect anomalous workflow executions or drift.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — The listing does not detail specific compliance certifications (e.g., SOC2, ISO), identity governance, or fine-grained authorization policies for workflow execution.

L7 · Agent Ecosystem · ✓ mapped

BuildShip integrates horizontally with any tool or API. This ecosystem exposure introduces risks of cascading failures across third-party integrations and unauthorized API access if credentials are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).