AgentReadyHomeAgent Listing

← Canva brand-check

Canva brand-check — agentic threat model

6.2AIVSS 6.2 · Medium

This agent presents a moderate risk profile primarily focused on data privacy and brand asset integrity, as it utilizes the Canva Connector MCP to read live workspace designs and Brand Kits but lacks autonomous write or execution capabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 1.22Factor sum 2.6/10Threat ×1.0Mitigation ×0.95
Autonomy of Action
0.20
Goal-Driven Planning
0.30
Self-Modification
0.00
Dynamic Tool Use
0.40
Persistent Memory
0.20
Contextual Awareness
0.60
Dynamic Identity
0.10
Multi-Agent Interactions
0.10
Non-Determinism
0.40
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying LLM is not specified. Standard foundation model risks apply, such as prompt injection bypassing brand-check rules or causing the agent to misreport compliance.

L2 · Data Operations✓ mapped

The agent reads live Canva designs and Brand Kit assets (colors, fonts, voice). Risks include unauthorized access to sensitive draft designs or intellectual property, and potential data exfiltration if the MCP connector is compromised.

L3 · Agent Frameworks✓ mapped

Uses the Canva Connector MCP to execute read actions. Risks involve tool misuse where malicious inputs could trick the tool into reading unauthorized workspace files or leaking design metadata.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Hosted as a Canva-published Agent Skill. Infrastructure security depends entirely on Canva's hosting environment, sandboxing of MCP connectors, and secure API transport.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No logging, evaluation, or guardrail mechanisms are detailed. Gaps here could prevent detection of silent failures in compliance checks or unauthorized data access.

L6 · Security & Compliance (cross-cutting)✓ mapped

Relies on Canva's OAuth/identity framework to authorize access to the user's workspace. Weaknesses in token handling or session management could lead to unauthorized brand asset access.

L7 · Agent Ecosystem✓ mapped

Operates as a published Agent Skill in the Canva ecosystem. Risks include ecosystem supply-chain attacks, such as a malicious update to the Canva Connector MCP or impersonation of the brand-check skill.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).