HeyEmmett — agentic threat model
HeyEmmett is a low-risk, content-focused marketing copilot operating primarily as a conversational chatbot, meaning its current agentic risk is minimal. However, future expansions into social media distribution and influencer tools will increase its attack surface, requiring robust integration security and output guardrails.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.10 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
1. Foundation Models: Not certain from the listing — likely relies on third-party foundation models (e.g., GPT-4) to generate and refine marketing copy. Primary threats include prompt injection to bypass content safety filters and model reprogramming to generate spam or brand-damaging content.
2. Data Operations: Not certain from the listing — likely stores user-submitted marketing drafts, target keywords, and brand guidelines. Threats include leakage of pre-launch marketing strategies and poisoning of the context window with malicious SEO data.
3. Agent Frameworks: Not certain from the listing — likely uses a basic conversational orchestration framework. Since it acts as a 'copilot' rather than an autonomous agent, tool-use risks are currently low, but insecure prompt handling could lead to unintended system behavior.
4. Deployment and Infrastructure: Not certain from the listing — likely hosted as a standard SaaS web application. Threats include typical cloud infrastructure risks, lack of tenant isolation for user data, and API credential exposure if future integrations are configured.
5. Evaluation and Observability: Not certain from the listing — no mention of content guardrails, output validation, or drift monitoring. Gaps here could allow the agent to generate plagiarized, toxic, or highly inaccurate SEO advice without detection.
6. Security and Compliance: Not certain from the listing — closed-source freemium tool with no explicit security certifications (e.g., SOC 2) or compliance frameworks mentioned. Risks include weak access controls and lack of audit logs for generated content.
7. Agent Ecosystem: Not certain from the listing — currently operates as a standalone copilot. However, the roadmap's planned social media and influencer marketing integrations will introduce ecosystem risks, such as API key abuse and unauthorized automated posting.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).