
cc-sdd — agentic threat model

AIVSS 9.5 · Critical

cc-sdd introduces high agentic risk by integrating autonomous, long-running Spec-Driven Development workflows and 17 on-demand skills directly into local developer environments and IDEs, potentially allowing arbitrary code execution or file modification if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5 · AARS uplift: 1.04 · Factor sum: 6.3/10 · Threat multiplier (ThM): ×1.1 · Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0–1.0):

  Autonomy of Action         0.80
  Goal-Driven Planning       0.90
  Self-Modification          0.40
  Dynamic Tool Use           0.80
  Persistent Memory          0.50
  Contextual Awareness       0.70
  Dynamic Identity           0.30
  Multi-Agent Interactions   0.60
  Non-Determinism            0.70
  Opacity & Reflexivity      0.60

Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimated from the agent’s described capabilities rather than measured.
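As an added worked example (not part of the listing or of the AIVSS project), the score above recomputed from the page's own inputs: the ten factor estimates, the CVSS base of 8.5, ThM 1.1 and a mitigation factor of 1.0. The helper names are assumptions; the formula and values are the ones shown on this page.

```python
# Added worked example: recompute the OWASP AIVSS score for cc-sdd from the
# values shown in the listing. Helper names are this example's own.
#
#   AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
#   AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM

# The ten agentic risk factors and the estimates given in the listing.
FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.90,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.60,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}

CVSS_BASE = 8.5           # CVSS base score from the listing
THREAT_MULTIPLIER = 1.1   # ThM from the listing
MITIGATION_FACTOR = 1.0   # no mitigation credit applied in the listing


def factor_sum(factors):
    """Sum the ten factor scores after checking each lies in 0.0..1.0."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside the 0..1 range")
    return sum(factors.values())


def aars(cvss_base, factors, thm):
    """Agentic risk uplift: scales the headroom above the CVSS base."""
    return (10 - cvss_base) * (factor_sum(factors) / 10) * thm


def aivss(cvss_base, factors, thm, mitigation):
    """Final AIVSS score; a mitigation factor below 1.0 lowers it."""
    return (cvss_base + aars(cvss_base, factors, thm)) * mitigation


if __name__ == "__main__":
    uplift = aars(CVSS_BASE, FACTORS, THREAT_MULTIPLIER)
    score = aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    print(f"factor sum {factor_sum(FACTORS):.1f}/10, AARS {uplift:.2f}, AIVSS {score:.1f}")
```

Calling `aivss` with a mitigation factor below 1.0 shows how much credit sandboxing or logging controls would have to earn to move the score out of the Critical band.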

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — relies on external foundation models (Claude Code, Gemini, etc.) configured by the user; vulnerable to prompt injection that could hijack the Kiro-style command execution flow.

L2 · Data Operations (✓ mapped)

Operates directly on local codebase files, steering documents, and team templates. Risk of data exfiltration or unauthorized modification of local source code and design specifications.

L3 · Agent Frameworks (✓ mapped)

Orchestrates 17 on-demand Agent Skills and Kiro-style requirements-to-tasks commands. Vulnerable to insecure tool integration and command injection, allowing malicious instructions to execute local development tasks.

L4 · Deployment & Infrastructure (✓ mapped)

Deploys directly inside developer environments and IDEs (Cursor, Windsurf, VS Code/Copilot). Lacks sandboxing by default, presenting a high risk of local host compromise or privilege escalation if the agent is exploited.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no built-in evaluation, logging, or guardrail mechanisms are mentioned to monitor the execution of the 17 autonomous skills or long-running tasks.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — lacks explicit mention of access controls, identity management, or compliance auditing for the generated code and design templates.

L7 · Agent Ecosystem (✓ mapped)

Supports multi-agent tool workflows across various IDEs and CLI tools. Vulnerable to cascading failures or trust abuse if one agent tool in the pipeline is compromised and passes malicious instructions to others.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).