
kaggle-skill — agentic threat model

AIVSS 9.4 · Critical

The kaggle-skill plugin presents a high-risk profile due to its ability to execute arbitrary notebooks and manage Kaggle API credentials, creating opportunities for local code execution and credential theft if compromised via prompt injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.8
AARS uplift: 0.65
Factor sum: 5.4/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0 to 1):

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.30
Contextual Awareness: 0.60
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — relies on Claude (via Claude Code) as the foundation model. Threats include prompt injection leading to unauthorized Kaggle API calls or malicious notebook execution.

L2 · Data Operations (✓ mapped)

Handles dataset and model downloads from Kaggle. Threats include downloading poisoned datasets or malicious models (e.g., pickle exploits) into the user's environment.

L3 · Agent Frameworks (✓ mapped)

Orchestrates notebook execution, competition submissions, and API calls. Threats include insecure tool integration where malicious prompt injection can trigger arbitrary Kaggle API actions (e.g., deleting submissions, exfiltrating data).

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — as a Claude Code plugin, it likely runs on the user's local machine or terminal environment. Threats include local privilege escalation, lack of sandboxing for executed notebooks, and exposure of local Kaggle API credentials (~/.kaggle/kaggle.json).

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no built-in guardrails or logging mechanisms are described. Gaps in observability could allow malicious notebook execution to go unnoticed.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Handles Kaggle account setup and API authentication. Threats include credential theft (Kaggle API keys) and lack of fine-grained authorization (the plugin has full access to the user's Kaggle account).
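Both the L4 and L6 entries come down to the same local asset, the Kaggle API key in ~/.kaggle/kaggle.json. The check below is an added example for operators of the plugin, not code from the listing or from kaggle-skill: it reports whether that file exists and whether its permission bits grant anything to group or other users, which is the condition behind the chmod 600 recommendation the Kaggle CLI prints for an over-permissive key. The default path is the one the listing names; the finding-record layout is my own.

```python
import os
import stat

# Added example (not part of the listing or the plugin): verify that the local
# Kaggle credential file is readable only by its owner. A notebook or tool run
# under another local account should not be able to read the API key.

# Path named on the listing; overridable for testing or non-default setups
KAGGLE_CREDENTIALS = os.path.expanduser("~/.kaggle/kaggle.json")


def credential_mode_is_private(mode: int) -> bool:
    """True if the permission bits grant no access at all to group or others.

    `mode` is the permission portion of st_mode (e.g. 0o600), as returned by
    stat.S_IMODE. 0o600 and 0o400 pass; 0o644, 0o660 and 0o666 fail.
    """
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def check_credential_file(path: str = KAGGLE_CREDENTIALS) -> dict:
    """Return a small finding record for the credential file at `path`.

    Keys: path, present, private (None when absent), mode (octal string when
    present) and advice (a remediation hint when something is wrong).
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return {"path": path, "present": False, "private": None, "mode": None,
                "advice": "no credential file found at this path"}
    mode = stat.S_IMODE(st.st_mode)
    private = credential_mode_is_private(mode)
    advice = None if private else f"run: chmod 600 {path}"
    return {"path": path, "present": True, "private": private,
            "mode": oct(mode), "advice": advice}


if __name__ == "__main__":
    finding = check_credential_file()
    for key, value in finding.items():
        print(f"{key}: {value}")
```

Run it as-is to audit the default location, or pass a path to audit a copy of the key kept elsewhere. It checks ownership-by-permission only; it does not tell you whether a notebook the plugin executed has already copied the file, which is the observability gap the L5 entry points at.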

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — operates primarily as a single-agent plugin. However, if integrated into a multi-agent workflow, malicious agents could abuse this plugin to exfiltrate data or submit spam to Kaggle.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).