
LittleSis MCP — agentic threat model

AIVSS 4.3 · Medium

The LittleSis MCP is a low-risk, read-only connector designed to query corporate power structures. Its lack of write capabilities, state persistence, or autonomous execution limits its threat profile to data enrichment and potential prompt injection via external content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 4.3
AARS uplift: 0.7
Factor sum: 1.3/10
Threat multiplier (ThM): ×0.95
Mitigation factor: ×0.85

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.00
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.20
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
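The formula above carried through with this page's numbers, as an added Python example (not code from the listing or from the AIVSS calculator it references). Assumptions: the severity bands follow the CVSS v3.x qualitative cut-offs, and the "what-if" variant that raises Persistent Memory to 1.0 is a constructed sensitivity check, not a claim about the connector.

```python
from dataclasses import dataclass, fields, replace

# Agentic risk factors as listed on this page for the LittleSis MCP (each in [0, 1]).
@dataclass(frozen=True)
class AgenticFactors:
    autonomy_of_action: float = 0.10
    goal_driven_planning: float = 0.10
    self_modification: float = 0.00
    dynamic_tool_use: float = 0.20
    persistent_memory: float = 0.00
    contextual_awareness: float = 0.40
    dynamic_identity: float = 0.00
    multi_agent_interactions: float = 0.20
    non_determinism: float = 0.20
    opacity_and_reflexivity: float = 0.10

    def factor_sum(self) -> float:
        values = [getattr(self, f.name) for f in fields(self)]
        if any(not 0.0 <= v <= 1.0 for v in values):
            raise ValueError("each agentic factor must lie in [0, 1]")
        return sum(values)

def aars(cvss_base: float, factors: AgenticFactors, thm: float) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM: the headroom above the
    CVSS base that the agentic factors and the threat multiplier (ThM) claim."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must lie in [0, 10]")
    return (10.0 - cvss_base) * (factors.factor_sum() / 10.0) * thm

def aivss(cvss_base: float, factors: AgenticFactors, thm: float, mitigation: float) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal as listed."""
    return round((cvss_base + aars(cvss_base, factors, thm)) * mitigation, 1)

def severity(score: float) -> str:
    """Qualitative band. Assumption: AIVSS reuses the CVSS v3.x rating cut-offs."""
    for limit, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= limit:
            return label
    return "Critical"

# The page's inputs: CVSS base 4.3, ThM 0.95, mitigation 0.85.
LISTING = AgenticFactors()
WHAT_IF = replace(LISTING, persistent_memory=1.0)  # constructed: connector gains state

if __name__ == "__main__":
    print(aivss(4.3, LISTING, 0.95, 0.85), severity(aivss(4.3, LISTING, 0.95, 0.85)))
    print(aivss(4.3, WHAT_IF, 0.95, 0.85))
```

Because the mitigation factor scales the whole sum, a higher factor sum moves the score less than the raw uplift suggests; the what-if shows how much headroom a new capability such as persistence would consume.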

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The connector is model-agnostic and relies on the host agent's foundation model. The primary L1 threat is indirect prompt injection if malicious data is ingested from the LittleSis database and parsed by the model.

L2 · Data Operations (✓ mapped)

The agent acts as a RAG data pipeline querying the external LittleSis API. While the database is public and read-only, there is a minor risk of data poisoning at the source or manipulation of returned relationship data to bias the agent's context.

L3 · Agent Frameworks (✓ mapped)

The agent framework exposes read-only tools for entity and relationship queries. Risks are low due to the lack of write surfaces, but insecure tool integration in the host framework could lead to SSRF or parameter injection if query inputs are not sanitized.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment context depends on the system running the Model Context Protocol (MCP) host. Standard infrastructure threats include insecure storage of API keys (if any are required) and lack of network sandboxing for outbound API calls.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, auditing, or guardrails for the queries executed or the data returned. Observability relies entirely on the host MCP implementation.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The tool is open-source and free with no built-in authentication or authorization mechanisms described. It relies on the host application to enforce access controls and compliance policies regarding data usage.

L7 · Agent Ecosystem (✓ mapped)

Designed as an MCP tool, this agent is built to interact within a larger ecosystem. The primary risk is cascading trust abuse, where another compromised agent uses this tool to gather intelligence or injects malicious payloads into the query pipeline.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).