
Famous.ai — agentic threat model

AIVSS 8.3 · High

Famous.ai's agentic risk factors are moderate (an AARS uplift of about 1.0 on a CVSS base of 7.3, which is what carries the score into the High band). The risk centres on its ability to generate and deploy executable code and database schemas (Supabase) from natural language prompts: a prompt-injection payload that reaches the generator could yield a malicious application or a backend database with weakened access controls.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.3 · AARS uplift 1.03 · Factor sum 3.8/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors (each scored 0.0 to 1.0; sum 3.8):
Autonomy of Action          0.40
Goal-Driven Planning        0.60
Self-Modification           0.10
Dynamic Tool Use            0.50
Persistent Memory           0.30
Contextual Awareness        0.40
Dynamic Identity            0.20
Multi-Agent Interactions    0.10
Non-Determinism             0.70
Opacity & Reflexivity       0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
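The formula above carried through with the page's own numbers, as an added example (this is not the OWASP calculator's code or anything from Famous.ai). It reproduces the published intermediate values (factor sum 3.8, AARS uplift 1.03) and the final 8.3 so the scorecard can be checked; the severity bands in `severity()` are an assumption (CVSS v3.1 qualitative scale), since the page only states the label "High".

```python
"""Worked AIVSS calculation for the Famous.ai scorecard.

Added example, not code from the OWASP AIVSS calculator or from Famous.ai.
Implements the page's formula:
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors exactly as scored on the page (0.0 .. 1.0 each).
FAMOUS_AI_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors: dict) -> float:
    """Factor_Sum: sum of the ten factor scores (0 .. 10)."""
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten factors, each scored in [0, 1]")
    return sum(factors.values())


def aars(cvss_base: float, factors: dict, threat_multiplier: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The (10 - CVSS_Base) term scales the agentic uplift to the headroom left
    above the base score, so a high base leaves little room for uplift.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict,
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal."""
    score = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(score, 1)


def severity(score: float) -> str:
    """Qualitative band. Assumption: the CVSS v3.1 bands; the page does not state them."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


if __name__ == "__main__":
    base = 7.3  # CVSS base from the scorecard
    uplift = aars(base, FAMOUS_AI_FACTORS)
    total = aivss(base, FAMOUS_AI_FACTORS)
    print(f"factor sum {factor_sum(FAMOUS_AI_FACTORS):.1f}/10, "
          f"AARS uplift {uplift:.2f}, AIVSS {total} ({severity(total)})")
```

Changing the mitigation factor is the quickest way to see what the "Mitigation ×1.0" line on the scorecard means: with every other input unchanged, a mitigation factor of 0.5 halves the final score, while the agentic factors on their own can move it by at most the 2.7 points of headroom above the base.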

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary because the public description did not give enough detail to pin down that layer.

L1 · Foundation Models (✓ mapped)

The platform relies on foundation models to translate natural language prompts into code and database schemas. This exposes it to prompt injection: instructions embedded in the user's prompt, or in content the model is given to work from, could steer it into generating insecure code or backdoors, or into disclosing its system prompt and other sensitive context.

L2 · Data Operations (✓ mapped)

Data operations cover user-provided prompts, mock data flows and schema definitions. Risks include exposure of intellectual property (the app ideas described in prompts) through retained prompt history, and ingestion of poisoned mock data templates.

L3 · Agent Frameworks (✓ mapped)

The agent framework orchestrates code generation, UI assembly and Supabase backend configuration. Risks here include insecure tool integration: the orchestrator may execute unsafe generation steps, or provision database access controls incorrectly (for example, a generated table exposed without row-level security policies).

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — details regarding the sandboxing of the generated code during preview/execution, secure hosting of the builder platform, and isolation of user environments are not specified.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of automated security scanning (SAST), guardrails to prevent the generation of malicious code, or observability tools to monitor generated application behavior.
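The L3 paragraph names misconfigured database access controls as the concrete framework-layer risk, and the L5 note says the listing mentions no guardrail that would catch it. As an added example (not code from Famous.ai or Supabase), the linter below is the kind of check a platform could run over a generated Supabase migration before applying it. It flags the two ways a generated table ends up readable through the project's public anon key: `create table` with no `enable row level security`, and a policy whose `using`/`with check` clause is a bare `true`. The migration text is constructed for this example; `auth.uid()` is a real Supabase function, everything else here is illustrative.

```python
"""Guardrail check for generated Supabase migrations (added example).

Not code from Famous.ai or Supabase. Tables in Supabase's public schema are
served by PostgREST to holders of the anon key; without row level security
(RLS) every row is readable, and a policy of `using (true)` re-opens a table
that had RLS switched on. The linter reports both conditions per table.
"""
import re

# Constructed sample: three tables a code generator might emit from one prompt.
SAMPLE_MIGRATION = """
create table public.profiles (
  id uuid primary key references auth.users (id),
  display_name text
);
alter table public.profiles enable row level security;
create policy "own profile" on public.profiles
  for select using (auth.uid() = id);

-- Generated together with mock data; nothing ever turned RLS on.
create table public.invoices (
  id bigint generated always as identity primary key,
  user_id uuid references auth.users (id),
  amount_cents integer not null
);

-- RLS is on, but the only policy is a catch-all.
create table public.notes (
  id bigint generated always as identity primary key,
  user_id uuid references auth.users (id),
  body text
);
alter table public.notes enable row level security;
create policy "anyone" on public.notes for all using (true);
"""

# The invoices table the way it should ship: RLS on, rows scoped to the caller.
HARDENED_INVOICES = """
create table public.invoices (
  id bigint generated always as identity primary key,
  user_id uuid references auth.users (id),
  amount_cents integer not null
);
alter table public.invoices enable row level security;
create policy "own invoices" on public.invoices
  for select using (auth.uid() = user_id);
create policy "insert own invoices" on public.invoices
  for insert with check (auth.uid() = user_id);
"""

IDENT = r'(?:"[^"]+"|[A-Za-z_][A-Za-z0-9_]*)'     # quoted or bare identifier
TABLE = rf'(?:{IDENT}\.)?({IDENT})'               # optional schema prefix; captures table name
CREATE_TABLE = re.compile(rf'\bcreate\s+table\s+(?:if\s+not\s+exists\s+)?{TABLE}', re.I)
ENABLE_RLS = re.compile(
    rf'\balter\s+table\s+(?:only\s+)?{TABLE}\s+enable\s+row\s+level\s+security', re.I)
CREATE_POLICY = re.compile(rf'\bcreate\s+policy\s+{IDENT}\s+on\s+{TABLE}(.*?);', re.I | re.S)
CATCH_ALL = re.compile(r'\b(?:using|with\s+check)\s*\(\s*true\s*\)', re.I)


def _norm(name: str) -> str:
    """Normalise an identifier so `"Invoices"` and `invoices` compare equal."""
    return name.strip('"').lower()


def audit_migration(sql: str) -> dict:
    """Return {table: [findings]}; tables with no findings are omitted."""
    sql = re.sub(r'--[^\n]*', '', sql)  # drop line comments before matching
    tables = [_norm(m.group(1)) for m in CREATE_TABLE.finditer(sql)]
    rls_on = {_norm(m.group(1)) for m in ENABLE_RLS.finditer(sql)}
    policies: dict = {}
    for m in CREATE_POLICY.finditer(sql):
        policies.setdefault(_norm(m.group(1)), []).append(m.group(2))

    findings = {}
    for table in tables:
        problems = []
        if table not in rls_on:
            problems.append("row level security not enabled; every row is readable with the anon key")
        for body in policies.get(table, []):
            if CATCH_ALL.search(body):
                problems.append("permissive policy: USING/WITH CHECK is a bare true")
        if problems:
            findings[table] = problems
    return findings


if __name__ == "__main__":
    for table, problems in audit_migration(SAMPLE_MIGRATION).items():
        for problem in problems:
            print(f"{table}: {problem}")
    print("hardened invoices:", audit_migration(HARDENED_INVOICES) or "no findings")
```

A `using (true)` select policy is sometimes intentional (a genuinely public reference table), so the second finding is a review prompt rather than a hard block; the first one, a public-schema table with RLS never enabled, is the case a generator should refuse to deploy.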

L6 · Security & Compliance, cross-cutting (⚠ not certain from listing)

Not certain from the listing — the mechanism for securely storing and isolating user-provided Supabase API keys, database credentials, and user authentication policies is not detailed.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — the platform does not describe multi-agent collaboration or a marketplace for third-party agent extensions, so ecosystem-level cascading risk cannot be assessed from the public description; the Multi-Agent Interactions factor is scored low (0.10) above for the same reason.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).