AgentReadyHomeAgent Listing

← EDGAR SEC MCP

EDGAR SEC MCP — agentic threat model

3.6AIVSS 3.6 · Low

EDGAR SEC MCP is a low-risk, read-only tool designed to fetch public regulatory data. The primary security concern is indirect prompt injection from untrusted SEC filing text processed by the consuming LLM.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 3.1AARS uplift 0.85Factor sum 1.3/10Threat ×0.95Mitigation ×0.9
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.00
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.40
Non-Determinism
0.20
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The MCP server itself does not specify a foundation model, but the client LLM is highly susceptible to indirect prompt injection via malicious SEC filing text.

L2 · Data Operations✓ mapped

Retrieves public EDGAR data. Low risk of data poisoning at the source (SEC), but large filing text flows into the model, posing a risk of indirect prompt injection or parsing vulnerabilities.

L3 · Agent Frameworks✓ mapped

Read-only tool surface for filing search and retrieval. Low risk of tool misuse since there are no write actions, but framework must handle large payloads safely.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Deployment depends on the user's local MCP host environment. Standard container/host security applies to the running MCP server.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No built-in logging, guardrails, or evaluation mechanisms are described in this open-source tool.

L6 · Security & Compliance (cross-cutting)✓ mapped

No authentication is required as it accesses public EDGAR data. Compliance risk is low, but data privacy must be managed if sensitive queries are sent.

L7 · Agent Ecosystem✓ mapped

Designed as an MCP tool to be used by other agents. Low risk of cascading failures due to read-only nature, but could be used by rogue agents to gather financial intelligence.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).