AgentReadyHomeAgent Listing

← comptable (paperasse)

comptable (paperasse) — agentic threat model

7.5AIVSS 7.5 · High

The 'comptable' agent poses moderate risk due to its execution of local helper scripts on accounting data, though its overall agentic risk is constrained by its localized, open-source nature and lack of native network-facing autonomy.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3AARS uplift 1.22Factor sum 3.3/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.30
Goal-Driven Planning
0.40
Self-Modification
0.10
Dynamic Tool Use
0.50
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.60
Non-Determinism
0.40
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — the underlying LLM is not specified, but it is vulnerable to prompt injection that could alter accounting logic or trigger malicious parameters in the bundled helper scripts.

L2 · Data Operations✓ mapped

Reads bundled data files and references for French accounting. Threat of data poisoning if an attacker modifies the local reference files or inputs malicious financial documents to manipulate the agent's calculations.

L3 · Agent Frameworks✓ mapped

Orchestrates tasks by running bundled helper scripts to process documents. Vulnerable to insecure tool integration and local code execution if the framework does not sanitize inputs passed to these scripts.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — as an open-source skill pack, deployment depends on the user's local environment. Lack of sandboxing for the helper scripts could allow local privilege escalation or directory traversal.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there are no mentioned guardrails, logging, or evaluation frameworks to detect drift, anomalous script execution, or biased accounting outputs.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — no built-in compliance controls, access policies, or audit trails are mentioned for handling sensitive French financial and administrative data.

L7 · Agent Ecosystem✓ mapped

Part of a 'paperasse' pack of six sibling skills (notaire, fiscaliste, etc.). High risk of cascading failures or trust abuse if these sibling agents interact and pass unvalidated data to one another.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).