DeepPDF — agentic threat model
DeepPDF presents low agentic risk, because it has limited autonomy and no multi-step planning, but moderate data-confidentiality risk: as a document-processing tool it is exposed to indirect prompt injection through uploaded files and to exploits against its PDF parsers.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimated from the agent's publicly described capabilities, not from testing.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order (1 to 7). Layers tagged "not certain from listing" are general, caveated commentary where the public description did not pin that layer down.
Layer 1, Foundation Models. Not certain from the listing: DeepPDF likely relies on third-party foundation models for text generation, translation, and image analysis. The primary threat is indirect prompt injection, where instructions embedded in an uploaded PDF (including text the user never sees, such as hidden or off-page content) hijack the model's behavior during chat or summarization.
Layer 2, Data Operations. Not certain from the listing: the tool processes uploaded PDFs, images, and formulas, likely using temporary storage, OCR pipelines, and vector embeddings for RAG. Threats include exfiltration of sensitive user documents and leakage of cached document contents across sessions or users.
Layer 3, Agent Frameworks. Not certain from the listing: the service orchestrates document parsing, OCR, translation, and rewriting tools. Threats include insecure tool integration, where the orchestrator passes unsanitized input to the underlying PDF parsers or conversion libraries.
Layer 4, Deployment and Infrastructure. Not certain from the listing: DeepPDF is hosted as a web-based productivity tool. The main threat is container or host compromise through maliciously crafted PDFs that exploit vulnerabilities in the parsing stack (for example, PDF-to-image or OCR engines); sandboxing and isolating that stack is the usual mitigation.
Layer 5, Evaluation and Observability. Not certain from the listing: there is no mention of active monitoring, input/output guardrails, or evaluation frameworks. This leaves a blind spot for detecting adversarial prompt injections hidden in user-uploaded documents.
Layer 6, Security and Compliance. Not certain from the listing: no security certifications, compliance standards (for example, GDPR or SOC 2), or data-retention policies are detailed, which raises concerns about the privacy and ownership of uploaded intellectual property.
Layer 7, Agent Ecosystem. DeepPDF operates as a standalone, single-user productivity tool; no multi-agent coordination, marketplace integrations, or external agent-to-agent communication channels are described.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).