Callbooker — agentic threat model

AIVSS 6.9 · Medium

Callbooker presents moderate agentic risk primarily due to its public-facing voice interface, which is susceptible to prompt injection via audio (vishing) and could be abused to distribute malicious booking links or exfiltrate customer contact details.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3 · AARS uplift 1.55 · Factor sum 3.3/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.70
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.20
Contextual Awareness: 0.40
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing: the underlying speech-to-text, LLM, and text-to-speech models are undisclosed. They are vulnerable to voice-based adversarial prompt injection and model reprogramming via malicious caller inputs.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing: the data storage mechanism for call logs, contact lists, and spam definitions is unknown. Risks include unauthorized exfiltration of caller phone numbers and metadata.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing: the orchestration framework for handling calls and triggering SMS/email booking links is unspecified. Insecure tool integration could allow callers to manipulate the agent into sending arbitrary links.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing: telephony infrastructure (SIP/PSTN integration) and hosting details are omitted. Vulnerabilities could lead to telephony toll fraud or unauthorized access to webhook endpoints.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing: monitoring, call recording consent mechanisms, and guardrails against social engineering are not detailed, creating potential blind spots in call auditing.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing: compliance with telephony regulations (TCPA, GDPR call recording consent) and authentication protocols for calendar integrations are not documented.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing: the agent interacts with external booking systems and SMS gateways. Compromise of these integrations could lead to cascading scheduling disruptions or phishing campaigns.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).