
Docyrus AI Agent Framework — agentic threat model

AIVSS 7.2 · High

Docyrus AI Agent Framework presents a high-risk profile due to its extensive integration capabilities (SQL execution, CRM logging, email sending) and multi-agent orchestration, but this is partially offset by robust enterprise security controls like row-level security, scoped tool access, and human-in-the-loop pauses.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 1.09
Factor sum: 6.9 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.75

Agentic risk factors (each scored 0–1):

Autonomy of Action: 0.70
Goal-Driven Planning: 0.80
Self-Modification: 0.20
Dynamic Tool Use: 0.90
Persistent Memory: 0.80
Contextual Awareness: 0.80
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.90
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
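Carrying the formula through with the values listed above, as an added check that is not part of the original listing (intermediate values rounded to two decimals):

Factor_Sum = 0.70 + 0.80 + 0.20 + 0.90 + 0.80 + 0.80 + 0.50 + 0.90 + 0.70 + 0.60 = 6.90
AARS = (10 − 8.5) × (6.90 / 10) × 1.05 = 1.5 × 0.69 × 1.05 ≈ 1.09
AIVSS = (8.5 + 1.09) × 0.75 = 9.59 × 0.75 ≈ 7.19 ≈ 7.2 (High)

The mitigation factor of 0.75 is what pulls an otherwise critical-range base score back into the High band; the per-factor weights only add the 1.09 uplift on top of the CVSS base.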

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Supports multiple external foundation models (OpenAI, Anthropic, Google, Groq), introducing risks of prompt injection, adversarial manipulation, and dependency on third-party model alignment and availability.

L2 · Data Operations (✓ mapped)

Features enterprise RAG with citations and SQL execution. Risks include knowledge-base poisoning, embedding inversion, and unauthorized data exfiltration via manipulated retrieval queries.

L3 · Agent Frameworks (✓ mapped)

Orchestrates multi-agent workflows and tool calling (SQL, CRM, email). Vulnerable to tool misuse, indirect prompt injection leading to unauthorized actions, and memory poisoning across sessions.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — details on the underlying hosting infrastructure, containerization, or sandboxing of background workers and SQL execution environments are not specified, posing potential risks of privilege escalation or lateral movement.

L5 · Evaluation & Observability (✓ mapped)

Includes logging, guardrails, and auditable MCP gateway calls, which help mitigate blind spots, though complex multi-agent interactions still present risks of evaluation gaming and drift.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Implements enterprise security controls including multi-tenancy, row-level security, API key management, and scoped tool access to enforce authorization boundaries and compliance.

L7 · Agent Ecosystem (✓ mapped)

Supports multi-agent delegation and Model Context Protocol (MCP) gateway calls. Risks include cascading failures, agent-to-agent trust abuse, and rogue agent behavior during delegation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).