
Conveyor — agentic threat model

AIVSS 8.0 · High

Conveyor (Sue) presents a high agentic risk profile due to its deep integration with sensitive internal knowledge bases (Confluence, wikis) and write access to critical systems of record (Salesforce, Jira, Slack). While mitigated by configurable guardrails, a compromise or prompt injection attack could lead to unauthorized data exfiltration or integrity violations in enterprise systems.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.87 · Factor sum 5.5/10 · Threat ×1.05 · Mitigation ×0.85

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.50
Contextual Awareness: 0.80
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
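The score above can be recomputed, and re-run when a factor estimate changes, with the following added example (not part of the listing or of any OWASP tooling). It applies only the formula quoted on this page to the listed values; the [0, 1] range per factor is an assumption inferred from "Factor sum 5.5/10", and rescore() is a hypothetical helper.

```python
# Added example: values below are copied from the listing's score rationale.
FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.70,
}
CVSS_BASE, THM, MITIGATION = 8.5, 1.05, 0.85


def aivss(cvss_base, factors, thm, mitigation):
    """Apply the formula quoted on the page and return every intermediate."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    # Assumption: each factor is scored in [0, 1] (ten factors, sum out of 10).
    bad = [n for n, v in factors.items() if not 0.0 <= v <= 1.0]
    if bad:
        raise ValueError(f"factor out of [0, 1]: {bad}")
    factor_sum = sum(factors.values())
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * thm
    return {
        "factor_sum": factor_sum,
        "aars": aars,
        "unmitigated": cvss_base + aars,
        "aivss": (cvss_base + aars) * mitigation,
    }


def rescore(overrides):
    """Hypothetical helper: recompute with some factor estimates replaced."""
    unknown = set(overrides) - set(FACTORS)
    if unknown:
        raise ValueError(f"unknown factor: {sorted(unknown)}")
    return aivss(CVSS_BASE, {**FACTORS, **overrides}, THM, MITIGATION)


if __name__ == "__main__":
    listed = aivss(CVSS_BASE, FACTORS, THM, MITIGATION)
    print({k: round(v, 2) for k, v in listed.items()})
    # Raising the lowest estimate to its maximum shows how little headroom
    # a base of 8.5 leaves for the agentic factors.
    print(round(rescore({"Self-Modification": 1.0})["aivss"], 2))
```

With a CVSS base of 8.5 the agentic uplift is bounded by (10 − 8.5) × ThM, so the mitigation factor moves the final score far more than any single factor estimate does.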

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on commercial LLMs (e.g., GPT-4 or Claude) via API. Threats include prompt injection bypassing guardrails to leak sensitive security documents or past questionnaire answers.

L2 · Data Operations ✓ mapped

Integrates heavily with internal wikis, Confluence, and past questionnaire databases. Threat of RAG poisoning (e.g., malicious content in Confluence leading to incorrect security answers) and data exfiltration of sensitive NDA-gated documents.

L3 · Agent Frameworks ✓ mapped

Orchestrates multi-step tasks (reading questionnaires, querying RAG, updating Salesforce/Jira/Zendesk). Threat of tool misuse where a malicious questionnaire or prompt triggers unauthorized updates to systems of record.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — likely hosted as a multi-tenant SaaS. Threats include container compromise, insecure storage of API keys for Salesforce/Jira/Slack, and lack of network isolation when accessing customer portals.

L5 · Evaluation & Observability ✓ mapped

Features 'no-code guardrails' to control behavior based on business rules (e.g., deal size). Threat of guardrail bypass via adversarial prompt injection in questionnaires, and potential logging blind spots regarding what data is sent to external LLMs.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — as an enterprise security tool, it likely undergoes SOC 2 audits and implements RBAC, but specific compliance certifications and credential management practices are not detailed in the public directory.

L7 · Agent Ecosystem ✓ mapped

Connects directly to communication channels (Slack, Teams, email) and enterprise systems (Salesforce, Jira, Zendesk). Threat of cascading failures or unauthorized actions if a compromised upstream agent or user interacts with Sue via Slack.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).