

documentation-generator — agentic threat model

AIVSS 7.5 · High

The documentation-generator agent presents a moderate risk profile primarily centered around indirect prompt injection via source code and unauthorized local file access, as it reads codebases to synthesize documentation within the Claude Code environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.5
AARS uplift: 0.98
Factor sum: 2.8/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
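To make the score above reproducible, here is an added example (not code from the listing or from the OWASP AIVSS project) that implements the formula exactly as stated on this page and feeds it the ten factor values, the CVSS base of 6.5 and the ×1.0 threat and mitigation multipliers. The qualitative severity bands are an assumption borrowed from the CVSS v3.x rating scale; the listing only shows that 7.5 maps to "High".

```python
"""Reproduce the OWASP AIVSS score on the listing from its components.

Added example. Formula as the page states it:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors and their scores, copied from the listing.
FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.30,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.40,
}
CVSS_BASE = 6.5          # from the listing
THREAT_MULTIPLIER = 1.0  # ThM on the listing
MITIGATION_FACTOR = 1.0  # from the listing


def factor_sum(factors: dict) -> float:
    """Sum the factors; each must lie in [0, 1] so ten factors cap at 10."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return round(sum(factors.values()), 2)


def aars(cvss_base: float, factors: dict, thm: float) -> float:
    """Agentic risk uplift: scales the headroom above the CVSS base."""
    return round((10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm, 2)


def aivss(cvss_base: float, factors: dict, thm: float, mitigation: float) -> float:
    """Raw AIVSS before the one-decimal rounding used for display."""
    return round((cvss_base + aars(cvss_base, factors, thm)) * mitigation, 2)


def severity(score: float) -> str:
    """Qualitative band. Assumption: CVSS v3.x thresholds are reused here."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def listing_score() -> dict:
    """Recompute every number shown in the score rationale block."""
    raw = aivss(CVSS_BASE, FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    return {
        "factor_sum": factor_sum(FACTORS),
        "aars": aars(CVSS_BASE, FACTORS, THREAT_MULTIPLIER),
        "aivss_raw": raw,
        "aivss": round(raw, 1),
        "severity": severity(round(raw, 1)),
    }


if __name__ == "__main__":
    for key, value in listing_score().items():
        print(f"{key}: {value}")
```

Running it reproduces the block above: factor sum 2.8, AARS 0.98, raw AIVSS 7.48, displayed as 7.5 High. Changing a single factor (for example raising Self-Modification to 0.5) shows how much uplift each agentic property adds on top of a fixed CVSS base, which is useful when deciding where a mitigation buys the most.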

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Likely relies on Claude models via Claude Code. Primary threats include indirect prompt injection embedded in source code comments designed to hijack the documentation output or execute unauthorized commands.

L2 · Data Operations ✓ mapped

Reads local codebase files to synthesize documentation. Threats include data exfiltration of proprietary source code if the agent is compromised, and knowledge-base poisoning via malicious code comments.

L3 · Agent Frameworks ✓ mapped

Orchestrated as a plugin/skill set for Claude Code. Threats include insecure tool integration where file-reading or file-writing tools could be manipulated to read sensitive files outside the codebase directory.
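A concrete mitigation for the L3 threat above (a file-reading tool steered to read outside the codebase) is to confine every read to the workspace root after resolving symlinks and `..` components. The following is an added example, not code from the documentation-generator plugin or from Claude Code; the tool function `read_source_file` and the temporary directory layout in `demo()` are assumptions constructed for illustration.

```python
"""Confine an agent's file-reading tool to the codebase root.

Added example: the guard resolves the requested path (following symlinks and
collapsing `..`) and refuses anything that does not land under the root.
"""
import tempfile
from pathlib import Path


class PathOutsideWorkspace(PermissionError):
    """Raised when a requested path resolves outside the allowed root."""


def resolve_in_workspace(root: Path, requested: str) -> Path:
    """Return the real path for `requested`, or raise if it escapes `root`."""
    root_real = root.resolve(strict=True)
    # pathlib drops `root` when `requested` is absolute; the absolute path is
    # then judged on its own and rejected below if it lies outside the root.
    candidate = (root_real / requested).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise PathOutsideWorkspace(f"{requested!r} resolves outside {root_real}")
    return candidate


def read_source_file(root: Path, requested: str, max_bytes: int = 1_000_000) -> str:
    """Hypothetical tool body: confined to `root`, size-capped, text only."""
    path = resolve_in_workspace(root, requested)
    if not path.is_file():
        raise FileNotFoundError(requested)
    if path.stat().st_size > max_bytes:
        raise ValueError(f"{requested!r} exceeds {max_bytes} bytes")
    return path.read_text(encoding="utf-8", errors="replace")


def demo() -> dict:
    """Build a constructed workspace and exercise the guard; returns outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        outside = tmp / "outside.txt"          # constructed file outside the repo
        outside.write_text("not for the agent\n")
        repo = tmp / "repo"
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "main.py").write_text("print('hello')\n")

        results["inside"] = read_source_file(repo, "src/main.py").strip()
        for label, req in (("dotdot", "../outside.txt"), ("absolute", str(outside))):
            try:
                read_source_file(repo, req)
                results[label] = "allowed"
            except PathOutsideWorkspace:
                results[label] = "rejected"

        # An in-repo symlink pointing outside the tree must also be refused.
        link = repo / "src" / "link.txt"
        try:
            link.symlink_to(outside)
        except OSError:
            results["symlink"] = "skipped"      # platform does not allow symlinks
        else:
            try:
                read_source_file(repo, "src/link.txt")
                results["symlink"] = "allowed"
            except PathOutsideWorkspace:
                results["symlink"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The check compares resolved paths rather than string prefixes, so `repo-secrets/` next to `repo/` is not mistaken for a child of `repo/`, and a symlink planted inside the tree cannot pull in `/etc/passwd` or a credentials file from the home directory. Pair it with logging of every resolved path to close the L5 observability gap noted below.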

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — Runs within the user's local development environment or CI/CD pipeline. Threats include local privilege escalation or host file system compromise if Claude Code's execution environment lacks strict sandboxing.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No built-in evaluation, logging, or guardrail mechanisms are mentioned. This creates blind spots regarding what files are accessed and what content is generated.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Lacks explicit access controls, authentication, or compliance frameworks, relying entirely on the host system's user permissions.

L7 · Agent Ecosystem ✓ mapped

Operates as a plugin within the Claude Code ecosystem. Threats include agent-to-agent trust abuse if other Claude Code plugins interact with or consume the output of this generator.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).