MineDoc — agentic threat model
MineDoc presents a moderate-to-high risk profile due to its combination of private document ingestion (RAG) and active outbound capabilities like web scraping and internet research, which could be exploited for data exfiltration via prompt injection.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.50 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.70 |
| Persistent Memory | 0.60 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.20 |
| Multi-Agent Interactions | 0.40 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on third-party commercial foundation models. Primary threats include prompt injection that could hijack the assistant's research and scraping tools.
Layer 2 (Data Operations): Highly critical layer, as the agent ingests 'private knowledge' and 'specific documents'. Threats include knowledge-base poisoning via malicious documents and unauthorized exfiltration of sensitive ingested data.
Layer 3 (Agent Frameworks): Orchestrates web scraping, data analytics, and internet research. Threats include tool misuse, where an attacker uses prompt injection to force the agent to scrape unauthorized internal resources or execute malicious queries.
Layer 4 (Deployment & Infrastructure): Not certain from the listing — likely hosted on standard cloud infrastructure. Threats include lack of sandboxing for the data-analytics execution environment, potentially allowing remote code execution.
Layer 5 (Evaluation & Observability): Not certain from the listing — no mention of built-in guardrails or logging. Threats include a lack of observability into what data the scraping tool is extracting and sending back to the user or to external endpoints.
Layer 6 (Security & Compliance): Not certain from the listing — closed-source freemium model. Threats include weak access controls on shared knowledge bases and potential compliance violations (GDPR/copyright) during automated web scraping.
Layer 7 (Agent Ecosystem): Features 'easy to collaborate with assistants'. Threats include cascading trust issues, where a compromised assistant compromises other collaborating assistants or leaks shared private knowledge.
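The two threats that a control on the scraping tool's egress path addresses most directly are tool misuse against internal resources (Layer 3) and the missing visibility into what the tool returns (Layer 5). The following is an added example, not MineDoc's code: it assumes the agent routes every outbound fetch through check_url() before the HTTP request and through audit_record() after it. The allowlist, the size cap, the resolver hook and the sample URLs are constructed for illustration.

```python
"""Egress policy gate and audit record for an agent's web-scraping tool.

Added example (not MineDoc's code). Assumes every outbound fetch passes
check_url() first and audit_record() afterwards; allowlist, size cap and
sample inputs below are constructed.
"""
from __future__ import annotations

import hashlib
import ipaddress
import json
import socket
from dataclasses import dataclass
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist: the only hosts the research tool may reach.
ALLOWED_HOST_SUFFIXES = ("docs.example.com", "example.org")
# Constructed cap on what one scrape may hand back to the model or user.
MAX_RESPONSE_BYTES = 256_000


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def dns_resolver(host: str) -> list[str]:
    """Default resolver; tests inject a fake one so nothing touches the network."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_internal(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    # Private, loopback, link-local, reserved and multicast space are never
    # legitimate destinations for an internet-research tool.
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast)


def _on_allowlist(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def check_url(url: str, resolver=dns_resolver) -> Decision:
    """Decide, before any request is sent, whether the tool may fetch url.

    Because the decision is taken outside the model, an injected instruction
    naming an internal address is refused rather than executed. The resolver
    step also catches an allowlisted name that resolves into internal space.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        return Decision(False, f"scheme {parsed.scheme!r} not permitted")
    host = parsed.hostname
    if not host:
        return Decision(False, "no host in URL")
    try:
        if _is_internal(ipaddress.ip_address(host)):
            return Decision(False, "literal internal address")
    except ValueError:
        pass  # not an IP literal; continue with hostname checks
    if not _on_allowlist(host):
        return Decision(False, f"host {host!r} not on allowlist")
    for ip in resolver(host):
        if _is_internal(ipaddress.ip_address(ip)):
            return Decision(False, f"{host} resolves to internal address {ip}")
    return Decision(True, "allowed")


def audit_record(url: str, body: bytes, decision: Decision) -> dict:
    """Build the audit record for one scrape: where, how much, and a hash.

    The body is truncated to MAX_RESPONSE_BYTES before it reaches the model,
    and the hash of what was actually delivered lets an investigation tie a
    leaked or poisoned snippet back to a specific fetch.
    """
    delivered = body[:MAX_RESPONSE_BYTES]
    return {
        "url": url,
        "allowed": decision.allowed,
        "reason": decision.reason,
        "bytes_fetched": len(body),
        "bytes_delivered": len(delivered),
        "truncated": len(body) > len(delivered),
        "sha256": hashlib.sha256(delivered).hexdigest(),
    }


if __name__ == "__main__":
    # Constructed sample: a fake resolver stands in for DNS so this runs offline.
    fake_dns = lambda host: ["93.184.216.34"]
    for sample in ("https://docs.example.com/guide", "http://10.0.0.5/admin",
                   "file:///etc/passwd", "https://untrusted.example.net/"):
        d = check_url(sample, resolver=fake_dns)
        print(json.dumps(audit_record(sample, b"<html>sample</html>", d)))
```

Two caveats for anyone wiring this into a real agent: the address returned by the resolver should be the one the HTTP client actually connects to (otherwise a second lookup at connect time can return a different answer than the one checked), and the gate says nothing about the content of what comes back, so it complements rather than replaces controls on the ingestion side.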
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).