
Coconuts AI — agentic threat model

AIVSS 5.5 · Medium

Coconuts AI is a low-risk advisory agent that delivers daily business growth tasks via email. Its primary security risks are limited to prompt injection affecting task quality, potential phishing via compromised email delivery, and exposure of basic business profile data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 4.3
AARS uplift: 1.2
Factor sum: 2.1 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factor scores:
Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
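As an added check, not part of the listing or of the AIVSS calculator itself, the formula above carried through in Python with this page's ten factor scores; rounding to one decimal and capping the result at 10 are assumptions of this snippet.

```python
from typing import Mapping

# Formula as stated on the page:
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# The ten agentic factor names are the ones listed in the rationale above.
AGENTIC_FACTORS = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)


def aivss(cvss_base: float, factors: Mapping[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> dict:
    """Return factor sum, AARS and AIVSS for one agent.

    Assumptions (not from the page): each factor is scored in [0, 1], results are
    rounded to one decimal place, and the final score is capped at 10.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    missing = set(AGENTIC_FACTORS) - set(factors)
    if missing:
        raise ValueError(f"missing agentic factors: {sorted(missing)}")
    for name in AGENTIC_FACTORS:
        if not 0.0 <= factors[name] <= 1.0:
            raise ValueError(f"{name}: factor score must be in [0, 1]")
    factor_sum = sum(factors[name] for name in AGENTIC_FACTORS)
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    return {"factor_sum": round(factor_sum, 2),
            "aars": round(aars, 1),
            "aivss": round(min(score, 10.0), 1)}


# The Coconuts AI scores exactly as given in the rationale above.
COCONUTS_FACTORS = {
    "Autonomy of Action": 0.30, "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00, "Dynamic Tool Use": 0.10,
    "Persistent Memory": 0.40, "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.00, "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.40, "Opacity & Reflexivity": 0.20,
}

if __name__ == "__main__":
    print(aivss(4.3, COCONUTS_FACTORS))  # → factor_sum 2.1, aars 1.2, aivss 5.5
```

Changing a single factor (for instance raising Persistent Memory to 1.0) shows how much of the score the agentic uplift controls, which is the part of the rationale most worth re-examining if the listing's capabilities change.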

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models — ⚠ not certain from listing

Not certain from the listing — likely utilizes a standard commercial or open-source LLM to synthesize business advice. Threats include prompt injection or model drift leading to the generation of counterproductive or malicious business recommendations.

L2 · Data Operations — ⚠ not certain from listing

Not certain from the listing — stores user-submitted business details, goals, stage, websites, and social handles. Threats include unauthorized access to this proprietary business profile data or data leakage due to insecure database storage.

L3 · Agent Frameworks — ⚠ not certain from listing

Not certain from the listing — relies on a simple orchestration framework to trigger daily task generation based on stored user profiles. Threats include insecure handling of user inputs during prompt construction, potentially enabling prompt injection.

L4 · Deployment & Infrastructure — ⚠ not certain from listing

Not certain from the listing — hosted web application with a user dashboard and an outbound email dispatch system. Threats include server compromise, database exposure, or abuse of the email delivery service to send spam or phishing campaigns.

L5 · Evaluation & Observability — ⚠ not certain from listing

Not certain from the listing — no monitoring, logging, or output guardrails are described. Threats include a lack of validation on generated tasks, allowing inappropriate or harmful content to be emailed directly to users.

L6 · Security & Compliance (cross-cutting) — ⚠ not certain from listing

Not certain from the listing — provides a dashboard to start, stop, or reactivate the service. Threats include weak authentication or session management on the dashboard, allowing unauthorized modification of user settings.

L7 · Agent Ecosystem — ✓ mapped

The agent operates entirely as a standalone service with no multi-agent coordination or external marketplace integrations described in the listing.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).