AgentReadyHomeAgent Listing

← Inari

Inari — agentic threat model

9.1AIVSS 9.1 · Critical

Inari presents a moderate-to-high risk profile due to its deep integrations with critical business systems like CRM, Jira, Slack, and Linear. A compromise or successful prompt injection via untrusted customer feedback could lead to unauthorized data exfiltration or manipulation of the product backlog.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5AARS uplift 0.63Factor sum 4.2/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.50
Goal-Driven Planning
0.40
Self-Modification
0.10
Dynamic Tool Use
0.60
Persistent Memory
0.60
Contextual Awareness
0.70
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.50
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — the specific LLMs used by Inari are not disclosed. Potential risks include prompt injection via untrusted customer feedback inputs, leading to misaligned prioritization or data leakage.

L2 · Data Operations✓ mapped

Inari ingests data from CRM, Slack, Jira, Linear, and customer feedback. Risks include data poisoning (injecting malicious feedback to skew prioritization) and unauthorized data exfiltration of sensitive customer or company analytics.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — the orchestration framework is proprietary. Risks include insecure tool integration with Jira/Linear APIs, where manipulated prompts could trigger unauthorized ticket creation, modification, or deletion.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosting details are not provided. Standard risks include insecure storage of API keys/secrets for Slack, Jira, and CRM integrations, and lack of isolation between tenant data in this closed-source SaaS.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of built-in guardrails or evaluation frameworks. Risks include blind spots in detecting adversarial prompt injections embedded within customer feedback or CRM notes.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — compliance certifications (e.g., SOC2, GDPR) are not specified. Risks include lack of granular access controls, potentially allowing any user to access sensitive CRM data pulled by the agent.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — no explicit multi-agent interactions are described. However, integrating with Slack and Jira exposes it to ecosystem risks if other malicious bots or compromised integrations interact with it.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).