Getsolved — agentic threat model
Getsolved is a low-autonomy AI writing workspace and detector with minimal agentic risk, primarily exposed to document processing vulnerabilities, prompt injection, and data privacy risks associated with uploaded files.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.10 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.30 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — likely relies on external commercial or open-source LLMs for text generation and rewriting. Key threats include prompt injection to bypass AI detection or generate prohibited content.
Layer 2, Data Operations: Not certain from the listing — processes uploaded PDF, Word, and plain text files. Threats include malicious file uploads (e.g., parser exploits), data exfiltration via prompt injection, and potential leakage of sensitive user documents.
Layer 3, Agent Frameworks: Not certain from the listing — likely uses a basic chat and document-processing orchestration framework rather than an autonomous agent loop. Primary threats involve insecure integration of file-parsing libraries.
Layer 4, Deployment and Infrastructure: Not certain from the listing — likely hosted as a standard web application. Risks include Server-Side Request Forgery (SSRF) if the plagiarism checker fetches external web sources, and insecure cloud storage for uploaded files.
Layer 5, Evaluation and Observability: Not certain from the listing — no explicit mention of guardrails or logging. There is a risk of users gaming the AI detector using adversarial text manipulation (humanizing) without detection by the platform.
Layer 6, Security and Compliance: Not certain from the listing — while the tool is noted as open source (allowing public code auditing), there are no details regarding user authentication, access controls, or compliance with data privacy regulations like GDPR.
Layer 7, Agent Ecosystem: Not certain from the listing — the platform operates as a standalone workspace and does not appear to interact with external agent marketplaces or multi-agent networks, minimizing ecosystem-level threats.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).