
gdrive-mcp — agentic threat model

AIVSS 4.7 · Medium

gdrive-mcp is a low-risk, read-only local MCP server that exposes Google Drive search to an LLM. Its primary risk is data exfiltration: untrusted content in retrieved files can act as a prompt injection against the host model.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 5.3 · AARS uplift 1.03 · Factor sum 2.3/10 · Threat ×0.95 · Mitigation ×0.75

Agentic risk factors (each 0.0–1.0):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
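A worked recomputation of the score from the formula and factor values above, added here as an example and not taken from the listing or the AIVSS calculator; the qualitative severity bands are an assumption (CVSS v3 bands), and the input validation is our own check rather than part of the formula.

```python
# Added worked example, not from the listing: recompute gdrive-mcp's OWASP AIVSS
# score from the formula and factor values shown above.
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
from dataclasses import dataclass

@dataclass(frozen=True)
class AivssInputs:
    cvss_base: float          # CVSS base score, 0.0-10.0
    factors: dict             # the ten agentic risk factors, each 0.0-1.0
    threat_multiplier: float  # ThM (listing: 0.95)
    mitigation_factor: float  # Mitigation_Factor (listing: 0.75)

    def __post_init__(self):
        # Reject inputs outside the ranges the formula assumes.
        bad = [n for n, v in self.factors.items() if not 0.0 <= v <= 1.0]
        if bad or not 0.0 <= self.cvss_base <= 10.0:
            raise ValueError(f"out of range: cvss={self.cvss_base} factors={bad}")

def factor_sum(inp: AivssInputs) -> float:
    return sum(inp.factors.values())

def aars(inp: AivssInputs) -> float:
    # Agentic risk uplift, scaled by the headroom left above the CVSS base.
    return (10.0 - inp.cvss_base) * (factor_sum(inp) / 10.0) * inp.threat_multiplier

def aivss(inp: AivssInputs) -> float:
    return (inp.cvss_base + aars(inp)) * inp.mitigation_factor

def severity(score: float) -> str:
    # Assumption: AIVSS reuses the CVSS v3 qualitative bands.
    if score >= 9.0: return "Critical"
    if score >= 7.0: return "High"
    if score >= 4.0: return "Medium"
    return "Low" if score > 0.0 else "None"

# Factor values exactly as listed for gdrive-mcp.
GDRIVE_MCP = AivssInputs(
    cvss_base=5.3,
    factors={"Autonomy of Action": 0.20, "Goal-Driven Planning": 0.10,
             "Self-Modification": 0.00, "Dynamic Tool Use": 0.30,
             "Persistent Memory": 0.10, "Contextual Awareness": 0.60,
             "Dynamic Identity": 0.20, "Multi-Agent Interactions": 0.10,
             "Non-Determinism": 0.40, "Opacity & Reflexivity": 0.30},
    threat_multiplier=0.95, mitigation_factor=0.75,
)
```

Running `aivss(GDRIVE_MCP)` reproduces the listed 4.7 (AARS 1.03), and changing any single factor shows how much of the score is driven by the agentic uplift versus the CVSS base.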

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The agent relies on an external, unspecified LLM via the MCP host. The primary L1 threat is indirect prompt injection, where malicious content stored in Google Drive files hijacks the host model's instructions during retrieval.

L2 · Data Operations · ✓ mapped

The agent performs read-only search operations on Google Drive. The main threat is data exfiltration or unauthorized exposure of sensitive personal/corporate files retrieved from the Drive index and passed into the LLM context.

L3 · Agent Frameworks · ✓ mapped

Implements the Model Context Protocol (MCP) for tool calling. The toolset is strictly limited to read-only search, significantly reducing the risk of destructive tool misuse, though framework-level parsing vulnerabilities remain a vector.

L4 · Deployment & Infrastructure · ✓ mapped

Runs locally on the user's machine, eliminating cloud-hosting risks but exposing local environment variables and the local file system if the host application or MCP server is compromised.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, audit trails, or guardrails to monitor what queries are executed or what file contents are returned to the LLM.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Authentication relies on a local Google credential file. Security is enforced via OAuth scopes restricted to read/search, aligning with the principle of least privilege, though local credential storage must be secured by the host OS.

L7 · Agent Ecosystem · ✓ mapped

Operates as a single-purpose utility tool within an MCP host. The primary ecosystem threat is another compromised agent in a multi-agent host environment querying this tool to silently harvest Google Drive data.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).