Linkup — agentic threat model

AIVSS 7.1 · High

Linkup acts as a high-exposure data retrieval bridge for downstream AI agents, presenting a primary risk of serving poisoned or manipulated web search results that could lead to indirect prompt injection in client RAG pipelines.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 0.59 · Factor sum 1.7/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.30
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — Linkup provides 'AI-powered search' and LLM-optimized formats, but it is unclear if they host proprietary foundation models or rely on third-party APIs for query processing and summarization.

L2 · Data Operations ✓ mapped

Highly relevant. Linkup aggregates real-time web data and premium partner content for RAG. The primary threat is data poisoning or indirect prompt injection embedded in retrieved web content, which is then passed to downstream LLMs.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — Linkup is a tool/API integrated into other agent frameworks rather than hosting its own agentic orchestration, planning, or memory systems.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The API infrastructure must secure partner credentials and premium source access, but the hosting, sandboxing, and network isolation details are not disclosed.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, search result sanitization, or observability features to detect and filter out malicious payloads from retrieved web pages.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — While the description claims 'fully compliant access' and 'trusted data partners', specific compliance certifications (e.g., SOC2, ISO 27001) or access control mechanisms are not detailed.

L7 · Agent Ecosystem ✓ mapped

Highly relevant. As an internet-connector for AI agents, Linkup sits at a critical junction in the agent ecosystem. A compromise or manipulation of its search index could result in cascading trust abuse and exploitation across numerous downstream agent workflows.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).