
CraftCV — agentic threat model

AIVSS 5.9 · Medium

CraftCV is a low-risk, single-purpose document transformation utility with minimal agentic autonomy. Its primary security risks center on the exposure of user PII (resumes) and potential parser vulnerabilities during document upload.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
Inputs: CVSS base 5.3 · AARS uplift 0.63 · Factor sum 1.5/10 · Threat ×0.9 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action · 0.10
Goal-Driven Planning · 0.10
Self-Modification · 0.00
Dynamic Tool Use · 0.00
Persistent Memory · 0.10
Contextual Awareness · 0.40
Dynamic Identity · 0.00
Multi-Agent Interactions · 0.00
Non-Determinism · 0.50
Opacity & Reflexivity · 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
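As an added worked example (not code from the listing or from the AIVSS calculator), the formula above applied to the CraftCV inputs on this page; the qualitative severity bands are an assumption (CVSS v3.x cut-offs), since the page only states "Medium" for 5.9.

```python
# Added example, not the listing's own code: the AIVSS formula as stated on this page.
FACTOR_NAMES = (  # the ten agentic risk factors on the page, each scored 0.0 to 1.0
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)
# Assumed qualitative bands (CVSS v3.x style); the page only states "Medium" for 5.9.
SEVERITY_BANDS = ((3.9, "Low"), (6.9, "Medium"), (8.9, "High"), (10.0, "Critical"))

def severity(score: float) -> str:
    """Map a 0-10 score to a qualitative band (assumed CVSS-style cut-offs)."""
    if score == 0:
        return "None"
    for upper, label in SEVERITY_BANDS:
        if score <= upper:
            return label
    raise ValueError(f"score out of range: {score}")

def aivss(cvss_base: float, factors: dict, threat_multiplier: float,
          mitigation_factor: float) -> dict:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM;
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, as given on the page."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    missing = set(FACTOR_NAMES) - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    for name in FACTOR_NAMES:
        if not 0.0 <= factors[name] <= 1.0:
            raise ValueError(f"{name} must be in [0, 1]")
    factor_sum = sum(factors[n] for n in FACTOR_NAMES)
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = min(10.0, (cvss_base + aars) * mitigation_factor)  # clamp to the 0-10 scale
    return {"factor_sum": factor_sum, "aars": aars, "aivss": score,
            "severity": severity(round(score, 1))}

# CraftCV factor scores exactly as listed on the page.
CRAFTCV_FACTORS = dict(zip(FACTOR_NAMES, (0.1, 0.1, 0.0, 0.0, 0.1, 0.4, 0.0, 0.0, 0.5, 0.3)))

def craftcv_score() -> dict:
    """CVSS base 5.3, threat multiplier 0.9, mitigation factor 1.0 (from the page)."""
    return aivss(5.3, CRAFTCV_FACTORS, threat_multiplier=0.9, mitigation_factor=1.0)

if __name__ == "__main__":
    r = craftcv_score()
    print(f"AARS {r['aars']:.2f}  AIVSS {r['aivss']:.1f}  {r['severity']}")
```

Running it reproduces the listing's AARS uplift of 0.63 and the AIVSS of 5.9 (Medium).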

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on third-party LLMs for text rewriting. Main threats include prompt injection via adversarial job descriptions or resumes, which could manipulate the output format or content.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — processes highly sensitive PII (resumes). Main threats include data exfiltration of user documents, insecure temporary storage of uploads, and potential privacy violations if user data is used for model retraining without consent.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — likely uses a simple linear pipeline rather than a complex agentic framework. Risks of tool misuse are low as no external tool execution is described.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — hosted as a web application. The primary infrastructure threat is the document parsing pipeline (PDF/DOCX), which is highly susceptible to remote code execution (RCE) or denial of service (DoS) if parsers are not sandboxed.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no observability or guardrail mechanisms are mentioned. There is a risk of silent failures where the LLM hallucinates credentials or skills and the platform never detects it.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — no compliance certifications (e.g., GDPR, SOC2) are cited. Given the handling of PII, the lack of explicit data retention and deletion policies poses a compliance risk.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — operates as an isolated, standalone application. There are no multi-agent interactions or ecosystem integrations described, making this layer's threat profile negligible.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).