Cody by ajhous44 — agentic threat model
Cody is a local-centric AI coding assistant with read access to codebases via real-time file monitoring and vector embeddings. Its primary security risk is the potential exfiltration of intellectual property or hardcoded secrets to a third-party LLM provider (OpenAI) via prompt injection or insecure data handling.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.30 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Foundation Models (layer 1): Leverages OpenAI's language models. Vulnerable to prompt injection attacks that could trick the model into ignoring system instructions or leaking sensitive parts of the codebase in its responses.
Data Operations (layer 2): Uses vector embeddings, chunking, and real-time file monitoring to build a local knowledge base. Vulnerable to local data poisoning if an attacker can introduce malicious files into the monitored repository, leading to corrupted search results or malicious code recommendations.
Agent Frameworks (layer 3): Orchestrates interactive Q&A and codebase navigation. Vulnerable to insecure file-path handling or directory traversal if the framework does not properly sanitize user queries before matching them against the codebase index.
Deployment and Infrastructure (layer 4): Not certain from the listing; likely runs as a local developer tool. If so, the primary infrastructure threats are insecure storage of OpenAI API keys in local environment variables and a lack of sandboxing for the file-monitoring process.
Evaluation and Observability (layer 5): Not certain from the listing; no evaluation, guardrails, or monitoring tools are mentioned. This creates a blind spot where malicious or anomalous queries, and data leaks to the OpenAI API, go undetected.
Security and Compliance (layer 6): Not certain from the listing; Cody features a customizable ignore list to exclude sensitive files, which acts as a basic data-compliance control. However, there is no evidence of robust access controls, audit logging, or enterprise compliance alignment.
Agent Ecosystem (layer 7): Not certain from the listing; Cody appears to operate as a standalone single-agent tool with no multi-agent orchestration or ecosystem marketplace integrations described.
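As an added defender-side example (not Cody's own code), the following pre-indexing gate combines the controls the Data Operations, Agent Frameworks and Security and Compliance layers above call for: an ignore list for sensitive files, a repository-root boundary check for paths taken from queries or model output, and redaction of secret-like values before a chunk is embedded or sent to the OpenAI API. The ignore patterns, secret regexes and sample paths are constructed for illustration and assume nothing about Cody's actual configuration syntax.

```python
import fnmatch
import re
from pathlib import Path
from typing import List, Optional, Tuple

# Constructed ignore list for illustration; Cody's real list and its syntax are
# not taken from the project. Matched against the repo-relative path and name.
IGNORE_PATTERNS: List[str] = [".env", "*.pem", "secrets/*", ".git/*"]

# Constructed secret detectors: OpenAI-style keys, AWS access key ids, and
# generic name=value assignments. Illustrative, not an exhaustive scanner.
SECRET_PATTERNS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"sk-[A-Za-z0-9]{20,}"), "[REDACTED]"),
    (re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED]"),
    (re.compile(r"(?i)(api[_-]?key|secret|token|password)(\s*[=:]\s*['\"]?)([A-Za-z0-9_\-]{12,})"),
     r"\1\2[REDACTED]"),
]

def is_ignored(rel_path: str) -> bool:
    """True if the repository-relative path matches an ignore pattern."""
    path = rel_path.replace("\\", "/")
    name = Path(path).name
    return any(fnmatch.fnmatch(path, pat) or fnmatch.fnmatch(name, pat)
               for pat in IGNORE_PATTERNS)

def resolve_in_repo(repo_root: str, requested: str) -> Optional[Path]:
    """Resolve a query- or model-supplied path; None if it escapes repo_root
    via ../ sequences, an absolute path, or a symlink target."""
    root = Path(repo_root).resolve()
    candidate = (root / requested).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    return candidate

def redact_secrets(text: str) -> Tuple[str, int]:
    """Replace secret-like values with a marker; return (text, replacements)."""
    total = 0
    for pattern, replacement in SECRET_PATTERNS:
        text, count = pattern.subn(replacement, text)
        total += count
    return text, total

def prepare_chunk(repo_root: str, rel_path: str, text: str) -> Optional[str]:
    """Gate one chunk before embedding or an LLM call: None means do not send."""
    if is_ignored(rel_path) or resolve_in_repo(repo_root, rel_path) is None:
        return None
    redacted, _ = redact_secrets(text)
    return redacted
```

The gate runs on the developer's machine, so a rejected or redacted chunk never reaches the embedding store or the provider; logging the redaction count per file gives the monitoring signal the Evaluation and Observability layer notes is otherwise missing.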
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).