AgentReadyHomeAgent Listing

← CookPal AI

CookPal AI — agentic threat model

5.5AIVSS 5.5 · Medium

CookPal AI presents a low-to-moderate risk profile, primarily vulnerable to indirect prompt injection via untrusted social media recipe imports and potential data privacy issues regarding user-curated content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 1.2Factor sum 2.1/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.30
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.40
Contextual Awareness
0.30
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.40
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes a commercial or open-source LLM to parse and format unstructured social media posts. The primary threat is indirect prompt injection embedded within imported recipe text, which could manipulate the model's formatting behavior or voice guidance output.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — maintains a database of user-saved recipes and parsed content. Risks include data exfiltration of private collections or database poisoning if malicious recipe payloads are stored and subsequently rendered to users.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates URL scraping and voice guidance. Vulnerabilities could arise from insecure tool integration during the scraping of external social media platforms, or from voice command parsers being tricked by injected instructions.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — deployed as a closed-source freemium service. Standard web/mobile application security risks apply, such as insecure API endpoints for recipe synchronization and lack of sandboxing for the scraping components.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of guardrails, content filtering, or monitoring. A lack of input validation could allow offensive, malicious, or physically dangerous instructions (e.g., incorrect cooking temperatures) to be read aloud via voice guidance.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — likely relies on standard OAuth or basic authentication for user accounts. There are no indications of advanced compliance frameworks, data deletion guarantees, or rigorous privacy controls for user-submitted data.

L7 · Agent Ecosystem✓ mapped

The agent operates as a standalone personal assistant with no described multi-agent interactions, marketplace integrations, or collaborative agent-to-agent ecosystems.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).