
Cloudflare cloudflare-one-migrations — agentic threat model

AIVSS 9.3 · Critical

This agent possesses high-risk capabilities due to its ability to modify production network and access configurations during Zero Trust migrations, making any compromise or logic failure highly impactful to enterprise security boundaries.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.77 · Factor sum 4.9/10 · Threat ×1.05 · Mitigation ×1.0

Autonomy of Action: 0.70
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.30
Contextual Awareness: 0.70
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified. Standard LLM risks apply, particularly prompt injection or adversarial inputs that could trick the model into generating insecure or overly permissive Zero Trust access rules.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The agent relies on legacy VPN configuration data and mapping rules. If this input data is poisoned or maliciously structured, it could lead to incorrect mapping logic and unintended network exposures.

L3 · Agent Frameworks ✓ mapped

The agent framework orchestrates migration steps and executes configuration changes. Insecure tool integration is a critical threat here, as the agent directly modifies Cloudflare One access and network configurations based on its planning logic.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting environment and sandboxing of the execution runtime are unspecified. Compromise of the deployment infrastructure could expose sensitive Cloudflare API keys or administrative credentials used for migrations.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, dry-run validations, or observability tools to monitor and roll back erroneous network configuration changes made by the agent.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The agent lacks explicit details on authorization boundaries, credential management, or compliance auditing for the highly privileged network modifications it performs.

L7 · Agent Ecosystem ✓ mapped

As an open-source Agent Skill, it operates within the broader Cloudflare ecosystem. Risks include supply-chain vulnerabilities in the skill's repository or unauthorized execution by other compromised agents in a multi-agent setup.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).