AgentReadyHomeAgent Listing

← ChurnControl

ChurnControl — agentic threat model

8.6AIVSS 8.6 · High

ChurnControl poses a moderate-to-high risk due to its integration into customer billing/retention workflows via a single line of code, creating a potential vector for client-side supply chain attacks (XSS) and unauthorized financial concessions (e.g., forced discounts or free tiers) via prompt injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.1Factor sum 4.4/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.60
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.50
Persistent Memory
0.40
Contextual Awareness
0.70
Dynamic Identity
0.10
Multi-Agent Interactions
0.10
Non-Determinism
0.80
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs to drive its empathetic, open-ended conversations. The primary threat is prompt injection, where users manipulate the model to bypass retention logic or extract system instructions.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — accesses customer data and product knowledge to tailor offers. This introduces risks of data exfiltration via conversational probing and unauthorized access to sensitive customer profiles if RAG/database queries are not strictly scoped.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates conversation state and triggers 'tailored alternatives' (likely calling APIs to apply discounts or modify subscriptions). Insecure tool integration could allow users to trick the agent into executing unauthorized billing actions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — installed via 'a single line of code' (likely a client-side JavaScript widget). This architecture presents a significant supply chain risk; if ChurnControl's hosting or CDN is compromised, it could lead to widespread XSS on customer-facing sites.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of guardrails, evaluation frameworks, or real-time monitoring to detect and block toxic outputs, hallucinated offers, or adversarial prompt injections.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — handling customer cancellation data and subscription states requires strict compliance with privacy regulations (GDPR/CCPA) and robust access controls, none of which are detailed in the public listing.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a standalone horizontal customer service widget; there is no indication of multi-agent collaboration or marketplace dependencies.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).