AgentReadyHomeAgent Listing

← Deepfind

Deepfind — agentic threat model

5.4AIVSS 5.4 · Medium

Deepfind is a low-risk, read-only research agent whose primary threat vector is indirect prompt injection via poisoned web search results, which could lead to synthesized misinformation or client-side exploitation through malicious citations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 1.14Factor sum 2.0/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.30
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.10
Contextual Awareness
0.40
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying foundation model is not specified, making it vulnerable to standard LLM risks such as adversarial prompt injection and misaligned outputs depending on the provider used.

L2 · Data Operations✓ mapped

The agent performs real-time RAG by fetching the top 10 web results. This introduces a high risk of indirect prompt injection and data poisoning, where malicious web content can manipulate the agent's synthesized output.

L3 · Agent Frameworks✓ mapped

Orchestration is limited to executing search queries and synthesizing results. The primary risk is insecure tool integration if the search API parser fails to sanitize malicious payloads embedded in retrieved web pages.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment, sandboxing of the web scraper, and network isolation controls are not described, leaving potential gaps for SSRF or container escape during web fetching.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails, output filtering, or logging mechanisms to detect when retrieved search results contain malicious or toxic content.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Compliance posture, data retention policies for user queries, and access controls are completely omitted from the public directory listing.

L7 · Agent Ecosystem✓ mapped

The agent operates as a standalone horizontal tool with no multi-agent coordination or marketplace integrations, minimizing ecosystem-level cascading failure risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).