
Etodist — agentic threat model

AIVSS 7.2 · High

Etodist exhibits low agentic risk due to its passive, analytical nature, but presents significant data privacy risks because it processes and stores sensitive classroom audio and video recordings containing student and teacher PII.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 0.7 · Factor sum 2.0/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.50
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes multimodal foundation models for video, audio, and text processing. Primary threats include indirect prompt injection via classroom dialogue (e.g., students or teachers speaking malicious instructions to manipulate the evaluation) and inherent model biases in pedagogical assessment.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — ingests and processes classroom video and audio recordings. Key threats include unauthorized access to or exfiltration of sensitive student and teacher data, data poisoning of the comparative analysis database, and lack of secure retention/deletion policies for media files.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestration likely involves sequential pipelines for transcription, metric extraction, and report generation. Threats include insecure processing of large media files and potential manipulation of the 25-metric evaluation logic via prompt injection.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — as an open-source and paid platform, deployment could be self-hosted or cloud-managed. Threats include insecure cloud storage buckets containing raw classroom recordings and standard web application vulnerabilities (e.g., broken object-level authorization).

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — provides objective feedback but does not detail how it monitors for evaluation gaming (e.g., teachers adapting their speech specifically to trick the 25 metrics) or how it detects hallucinations in the generated recommendations.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — processing classroom recordings of minors strongly implicates strict regulatory frameworks like FERPA, COPPA, and GDPR. The listing does not specify compliance certifications, access controls, or consent management workflows.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — appears to operate as a standalone analytical tool with no multi-agent coordination or external marketplace integrations mentioned, resulting in minimal ecosystem-level threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).