AgentReadyHomeAgent Listing

← FapJoi

FapJoi — agentic threat model

8.0AIVSS 8.0 · High

FapJoi presents a unique risk profile driven by its 'unfiltered' generative capabilities and lack of safety guardrails in an NSFW context, which could be abused for generating non-consensual imagery or malicious content via its public API.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.8AARS uplift 1.24Factor sum 3.7/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.30
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.10
Multi-Agent Interactions
0.20
Non-Determinism
0.80
Opacity & Reflexivity
0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Uses advanced LLMs (Director AI) and Flux for image generation. The primary threat is prompt injection to bypass any implicit safety filters, though the system explicitly advertises 'unfiltered freedom', making it highly susceptible to generating harmful or non-consensual content.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — there is no explicit mention of RAG, vector databases, or training data pipelines, though the system must manage a large library of scenarios and user-generated prompts.

L3 · Agent Frameworks✓ mapped

The 'Director AI' acts as an orchestration framework to plan poses, angles, and scenes. Vulnerabilities here include manipulation of the orchestration logic via adversarial inputs to force unintended generation behaviors.

L4 · Deployment & Infrastructure✓ mapped

Hosted on Next.js, Modal (serverless GPU platform), and Python. Threats include container escape on Modal, insecure API endpoints, and exposure of API keys or infrastructure credentials.

L5 · Evaluation & Observability✓ mapped

The platform boasts 'unfiltered freedom' and 'boundary-free' creation, strongly implying a deliberate lack of input/output safety guardrails, content moderation, or alignment evaluations.

L6 · Security & Compliance (cross-cutting)✓ mapped

Operating in the NSFW space with 'unfiltered' capabilities poses severe compliance and legal risks, particularly regarding age verification, consent, and regional regulations on adult content.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — while an API is provided, there is no evidence of a multi-agent ecosystem, marketplace, or agent-to-agent trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).