
CheepCode — agentic threat model

AIVSS 8.5 · High

CheepCode presents a high agentic risk profile due to its autonomous write access to both project management tools (Linear) and code repositories (GitHub), making it a high-value target for supply chain attacks and unauthorized code injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.92
Factor sum: 5.6/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×0.9

Agentic risk factors (each scored 0.0–1.0):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.40
Contextual Awareness: 0.80
Dynamic Identity: 0.60
Multi-Agent Interactions: 0.10
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation models used by CheepCode are not disclosed, leaving potential vulnerabilities to model-specific prompt injection or alignment bypasses unquantified.

L2 · Data Operations (✓ mapped)

CheepCode ingests sensitive context from Linear tasks and GitHub codebases. Knowledge-base poisoning is a major threat, where a malicious actor could craft a Linear task containing prompt injection to manipulate the agent's code output.

L3 · Agent Frameworks (✓ mapped)

The agent framework autonomously translates Linear tasks into code modifications and GitHub PRs. Vulnerabilities here include insecure tool integration where the agent could be tricked into executing arbitrary shell commands if it runs tests or build tools locally.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — It is unclear whether CheepCode executes and tests the generated code in a secure, sandboxed environment before submitting PRs, posing a risk of container escape or host compromise if malicious code is executed during a test phase.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of real-time monitoring, guardrails, or anomaly detection to flag suspicious code modifications or unauthorized task transitions before they reach the PR stage.

L6 · Security & Compliance, cross-cutting (✓ mapped)

The agent requires high-privilege OAuth tokens or API keys for GitHub and Linear. Compromise of these secrets would grant attackers direct write access to the user's repositories and project management boards.

L7 · Agent Ecosystem (✓ mapped)

CheepCode operates in a multi-platform ecosystem (Linear to GitHub). A compromise in the project management layer (e.g., an external user creating a malicious ticket) cascades directly into the code repository layer via autonomous PR generation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).