
context-engineering — agentic threat model

AIVSS 7.8 · High

The context-engineering skill presents a moderate risk profile, primarily acting as an instruction-shaping surface that could be exploited via malicious rules files or prompt injection to manipulate downstream agent behavior.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.3
AARS uplift: 1.52
Factor sum: 4.1 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.00–1.00):

Autonomy of Action          0.20
Goal-Driven Planning        0.30
Self-Modification           0.80
Dynamic Tool Use            0.20
Persistent Memory           0.30
Contextual Awareness        0.90
Dynamic Identity            0.00
Multi-Agent Interactions    0.50
Non-Determinism             0.50
Opacity & Reflexivity       0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
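The formula above can be reproduced from the numbers on this listing. The following calculator is an added example, not code from AgentReady or from the OWASP AIVSS project: it takes the ten factor values and the CVSS base exactly as shown here and returns the factor sum, AARS uplift and final AIVSS score, so the published 7.8 · High can be checked rather than taken on trust. The severity bands are an assumption (the CVSS v3 qualitative scale, with which "7.8 · High" is consistent), and the alternative mitigation factor at the end is an illustrative value, not one defined by the page.

```python
"""Added example: reproduce this listing's OWASP AIVSS score from its formula.

AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors exactly as the listing reports them (0.0-1.0 each).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.80,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.90,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.50,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}

CVSS_BASE = 6.3           # "CVSS base 6.3" on the listing
THREAT_MULTIPLIER = 1.0   # "Threat x1.0" on the listing
MITIGATION_FACTOR = 1.0   # "Mitigation x1.0": no documented controls


def factor_sum(factors):
    """Sum of the ten agentic factors (the listing's 'Factor sum x/10')."""
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must lie in [0.0, 1.0], got {value}")
    return sum(factors.values())


def aars(cvss_base, f_sum, threat_multiplier=1.0):
    """Agentic AI Risk Score uplift: (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in [0.0, 10.0]")
    return (10.0 - cvss_base) * (f_sum / 10.0) * threat_multiplier


def severity(score):
    """Qualitative band. Assumption: the CVSS v3 bands, which match '7.8 · High'."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Full score, returned with each component rounded as the listing displays it."""
    f_sum = factor_sum(factors)
    uplift = aars(cvss_base, f_sum, threat_multiplier)
    # Capped at 10.0 so an uplift on a high base cannot exceed the scale.
    score = min(10.0, (cvss_base + uplift) * mitigation_factor)
    return {
        "factor_sum": round(f_sum, 2),
        "aars": round(uplift, 2),
        "aivss": round(score, 1),
        "severity": severity(score),
    }


if __name__ == "__main__":
    # Reproduces the listing: factor sum 4.1, AARS 1.52, AIVSS 7.8 / High.
    print(aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR))
    # Illustrative only: a mitigation factor of 0.8 (a value assumed here, not
    # from the page) shows how documenting real controls would move the score.
    print(aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, 0.8))
```

The first call reproduces the listing's numbers; the second shows why the L6 finding below (no documented security controls, hence Mitigation ×1.0) matters: the same capabilities with a lower mitigation factor land in a lower band, so the fastest way for a skill author to reduce a published AIVSS score is to document and enforce guardrails rather than to argue about the base score.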

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation model is not defined, but the skill's reliance on rules files makes it highly susceptible to indirect prompt injection and adversarial reprogramming if malicious instructions are introduced into the project context.

L2 · Data Operations (✓ mapped)

The skill directly structures project context and configures rules files. This introduces a risk of data poisoning or context manipulation if an attacker can write to or influence the project files that the skill reads.

L3 · Agent Frameworks (✓ mapped)

As an orchestration skill, it manages task switches and context structuring. Vulnerabilities in the host framework could allow malicious rules files to execute unauthorized tool calls or bypass system prompts.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment environment is unspecified, though as an open-source developer skill, it likely runs locally, meaning compromised rules files could potentially access local file systems depending on the host sandbox.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — The skill claims to manage task switches when output degrades, implying some form of quality monitoring, but the lack of explicit security guardrails or logging details leaves potential blind spots.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — There are no mentioned security controls, authentication mechanisms, or compliance alignments (like NIST or ISO) within this open-source skill.

L7 · Agent Ecosystem (✓ mapped)

The skill is designed to configure and reshape another agent's context. This creates a multi-agent trust boundary where a compromise in the context-engineering skill directly compromises the target agent's behavior.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).