
Gong (Composio MCP) — agentic threat model

AIVSS 7.2 · High

This agent exposes highly sensitive corporate sales data, transcripts, and deal insights via MCP tools, presenting a significant data exfiltration and prompt-injection risk if the underlying LLM is manipulated.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.94 · Factor sum 3.6/10 · Threat ×1.05 · Mitigation ×0.85

Agentic risk factors (each 0.0 to 1.0):
Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.50
Multi-Agent Interactions: 0.30
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The agent relies on external LLMs via the MCP host. The primary threat is indirect prompt injection where malicious instructions embedded in Gong call transcripts hijack the model's behavior during summarization.

L2 · Data Operations (✓ mapped)

The agent acts as a data retrieval pipeline for sensitive Gong transcripts, analytics, and deal insights. Threats include unauthorized data exfiltration of customer PII and proprietary sales strategies through compromised tool calls.

L3 · Agent Frameworks (✓ mapped)

Orchestrated via Composio MCP. The primary threat is tool misuse, where an attacker manipulates the agent into executing unauthorized API calls (e.g., fetching transcripts the user shouldn't have access to) due to loose framework-level validation.

L4 · Deployment & Infrastructure (✓ mapped)

Composio manages the hosting and execution environment of the MCP server. Security relies heavily on the isolation of the Composio environment and the secure storage of the managed Gong access keys.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no explicit mention of real-time guardrails, transcript sanitization, or logging of tool executions to detect anomalous data access patterns or injection attempts.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Authentication is handled via Composio's managed access keys. A key risk is privilege misalignment, where the agent inherits broad API permissions under the connected key, bypassing granular user-level access controls.

L7 · Agent Ecosystem (✓ mapped)

As an MCP tool, this agent can be composed with other agents in a multi-agent workflow. This introduces cascading risks where a compromised downstream agent could request and exfiltrate Gong's sensitive revenue data.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).