Eliciteer — agentic threat model

Not certain from the listing — The underlying foundation models are unspecified. The primary threat is adversarial prompt injection by interviewees attempting to hijack the model, bypass the custom briefing constraints, or extract system instructions.

Not certain from the listing — The exact data storage and RAG architecture are not detailed. However, because the agent collects qualitative interview data (potentially containing PII/HR data), there is a risk of data exfiltration or indirect prompt injection if malicious interviewee responses are ingested into downstream analysis databases.

The agent framework orchestrates dynamic, real-time follow-up questions and triggers webhooks (Zapier, Make, n8n). Threat: Insecure tool integration where unvalidated interviewee inputs are passed directly to webhooks, potentially leading to injection attacks in downstream automation workflows.

Not certain from the listing — The hosting, sandboxing, and network isolation mechanisms are not described. Standard web application vulnerabilities and lack of tenant isolation during concurrent interview sessions represent potential infrastructure risks.

Not certain from the listing — There is no mention of real-time guardrails or observability tools. Without them, the agent could generate inappropriate, biased, or toxic follow-up questions during autonomous interviews without the creator's immediate knowledge.

Not certain from the listing — No compliance certifications (e.g., GDPR, SOC2) are cited. This is a significant gap given that the tool is used for sensitive use cases like HR screening, user research, and knowledge capture which involve processing PII.

The agent interacts with external ecosystems via webhooks (n8n, Make.com, Zapier). Threat: Compromising the agent via prompt injection could allow an attacker to abuse these integrations, triggering unauthorized actions or cascading failures in connected enterprise systems.