ConbaseAi — agentic threat model
ConbaseAi is a low-autonomy, template-driven generation tool with low agentic risk, primarily threatened by bulk prompt injection via spreadsheet inputs and the potential for automated generation of malicious or reputational-damaging e-commerce content.
OWASP AIVSS score rationale
| Autonomy of Action | 0.20 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.10 | |
| Contextual Awareness | 0.30 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely relies on external commercial LLMs via API to generate copy. Primary threats include prompt injection via spreadsheet inputs and model alignment issues leading to inappropriate or brand-damaging product descriptions.
The agent processes bulk data directly from spreadsheets. Threats include CSV/spreadsheet injection, data exfiltration of proprietary product catalogs, and poisoning of the input data source.
Not certain from the listing — likely uses a basic template-based orchestration framework to map spreadsheet rows to LLM prompts. Threats include insecure template rendering and prompt injection bypassing the template constraints.
Not certain from the listing — likely hosted as a SaaS web application. Threats include insecure storage of uploaded spreadsheets, API key exposure, and lack of isolation between tenant data.
Not certain from the listing — no explicit mention of guardrails or output validation. Threats include a lack of automated content moderation, allowing toxic or hallucinated copy to be generated in bulk without detection.
Not certain from the listing — claims to be 'enterprise-grade' but lacks specific compliance certifications (e.g., SOC2, GDPR). Threats include unauthorized access to bulk generation features and lack of audit trails for generated content.
Not certain from the listing — does not appear to interact with an agent ecosystem. Threats are minimal here, limited to potential downstream integrations with e-commerce platforms if automated publishing is enabled.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).