
docs-guardian — agentic threat model

AIVSS 7.8 · High

docs-guardian presents a moderate-to-high risk profile due to its write access to local codebases and execution of hooks, which could be exploited via prompt injection in source files to modify documentation or execute unauthorized file writes.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM. Factor_Sum is the sum of the ten agentic risk factors listed below (each scored 0.0 to 1.0), and ThM is the threat multiplier.
CVSS base: 7.8
AARS uplift: 0.9
Factor sum: 4.1/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Agentic risk factors:
Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.20
Contextual Awareness: 0.80
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
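To make the rationale reproducible, the following added example (not part of the AgentReady listing or the OWASP calculator) carries the formula through with the values above and returns the same 7.8 / High result; the severity bands are assumed to follow the CVSS v3 rating scale.

```python
# Added example: recompute the OWASP AIVSS score for docs-guardian from the
# listed inputs, using the page's formula
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM

# The ten agentic risk factors exactly as scored in the listing (0.0 - 1.0 each).
DOCS_GUARDIAN_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) rounded as the listing presents them.

    cvss_base         : classic CVSS base score, 0.0-10.0
    factors           : mapping of the ten agentic factor names to 0.0-1.0 values
    threat_multiplier : ThM in the formula (1.0 = no adjustment)
    mitigation_factor : 1.0 credits no mitigations; lower values reduce the score
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be between 0 and 10")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten factors, each between 0.0 and 1.0")
    factor_sum = sum(factors.values())
    # AARS adds back only the headroom CVSS left unused, scaled by how agentic
    # the system is (factor_sum / 10) and by the threat multiplier.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = (cvss_base + aars) * mitigation_factor
    return round(factor_sum, 2), round(aars, 2), round(min(score, 10.0), 1)


def severity(score):
    """Qualitative band; thresholds assumed from the CVSS v3 rating scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


if __name__ == "__main__":
    fs, aars, score = aivss(7.8, DOCS_GUARDIAN_FACTORS, 1.0, 0.9)
    print(f"factor sum {fs}/10, AARS {aars}, AIVSS {score} ({severity(score)})")
```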

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on Anthropic Claude models via Claude Code. Primary threats include indirect prompt injection via malicious source code comments designed to hijack the documentation generation process or bypass accuracy checks.

L2 · Data Operations (✓ mapped)

Reads local source code and documentation files to perform accuracy and coverage analysis. Threats include data exfiltration of proprietary code if the plugin transmits data to external LLM endpoints without encryption, and knowledge poisoning from malicious codebase inputs.

L3 · Agent Frameworks (✓ mapped)

Operates as a Claude Code plugin executing file-system hooks to compare and rewrite documentation. Insecure tool integration or vulnerabilities in the hook execution framework could allow arbitrary file writes or directory traversal attacks.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — typically runs locally on developer workstations or within CI/CD pipelines. If compromised, the plugin could facilitate privilege escalation or lateral movement within the developer's local environment or build network.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — provides coverage and staleness metrics, but lacks detailed runtime guardrails or logging mechanisms to detect if the agent is being manipulated into generating misleading or malicious documentation.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — being an open-source and free plugin, it likely lacks formal compliance certifications (e.g., SOC2) and relies entirely on the host environment's access controls and user permissions.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — functions within the broader Claude Code plugin ecosystem. Threats include supply chain attacks where a compromised version of the plugin is distributed, or cascading failures if integrated with other automated repository-management agents.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).