AgentReadyHomeAgent Listing

← Canva bulk-create

Canva bulk-create — agentic threat model

7.2AIVSS 7.2 · High

The Canva bulk-create agent presents a moderate risk profile primarily centered on its write access to the user's Canva workspace via a vendor connector. While its agentic autonomy and planning capabilities are low, a compromise could lead to unauthorized modification or defacement of brand assets.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 0.7Factor sum 2.0/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.20
Multi-Agent Interactions
0.00
Non-Determinism
0.20
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The listing does not specify the underlying LLM used for the Canva bulk-create skill. If an LLM is used to parse or format the input data, it could be vulnerable to prompt injection or adversarial data inputs that alter the generated designs.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The agent processes input datasets (e.g., content calendars) to populate templates. There is a risk of data exfiltration or processing of sensitive or poisoned input data, but the exact data handling and storage policies of the connector are not detailed.

L3 · Agent Frameworks✓ mapped

The agent uses the Canva Connector to execute write actions in the Canva workspace. The primary threat is insecure tool integration or tool misuse, where a compromised framework could be forced to overwrite or delete existing Canva assets instead of creating new ones.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment of the Canva Agent Skill and the security of the API endpoints connecting to Canva are not described, leaving potential risks of credential exposure or insecure transit.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of logging, guardrails, or anomaly detection to monitor the bulk-generation process for malicious or inappropriate content generation.

L6 · Security & Compliance (cross-cutting)✓ mapped

The agent relies on the Canva Connector for authentication and authorization. The main risk is the delegation of write permissions to the user's Canva workspace, which could be abused if the connector's token or session is compromised.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — The listing does not indicate any multi-agent interactions or marketplace dependencies beyond the standard Canva Connector.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).