
HashiCorp Agent Skills — agentic threat model

AIVSS 9.7 · Critical

This agent poses a high security risk due to its integration with critical HashiCorp infrastructure-as-code and secrets management tools, where unauthorized execution or prompt injection could lead to full cloud environment compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 9.3 · AARS uplift 0.42 · Factor sum 5.4/10 · Threat ×1.1 · Mitigation ×1.0

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.60
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.20
Contextual Awareness: 0.70
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.20
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The agent relies on Claude models (via Claude Code plugins) but the specific foundation model security controls, alignment, or vulnerability to adversarial prompt injection are not detailed in the listing.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — While the agent manages IaC and secrets workflows, the listing does not detail how training/RAG data, vector stores, or state files are secured against data poisoning or exfiltration.

L3 · Agent Frameworks (✓ mapped)

The agent uses Claude Code plugins and 2 MCP servers to expose HashiCorp tooling (15 skills). This introduces risks of tool misuse, insecure tool integration, and command injection if the agent executes arbitrary IaC or secrets commands without strict schema validation.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The agent interacts with HashiCorp tooling (likely Terraform, Vault, Consul, etc.), which requires high-privilege access to infrastructure and secrets. However, the listing does not specify if the MCP servers or agent run in a sandboxed environment or how lateral movement is prevented.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in evaluation, logging, or guardrails to monitor the agent's IaC and secrets operations for anomalous behavior.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — Although it integrates with HashiCorp secrets workflows (potentially Vault), the listing does not specify how the agent itself is authenticated, authorized, or audited when executing high-privilege infrastructure changes.

L7 · Agent Ecosystem (✓ mapped)

The agent is distributed as a marketplace collection of 5 plugins and 2 MCP servers. This introduces ecosystem risks, such as supply chain attacks on the plugins/MCP servers or malicious updates to the marketplace repository.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).