
Minima (Local RAG) — agentic threat model

AIVSS 5.9 · Medium

Minima presents a low-to-moderate risk profile due to its local-only, privacy-preserving architecture, which eliminates cloud-based data exfiltration vectors. However, its security posture heavily relies on the proper scoping of its local directory indexing to prevent unauthorized access to sensitive local files by connected agents.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.5
AARS uplift: 0.9
Factor sum: 2.7/10
Threat (ThM): ×0.95
Mitigation: ×0.8

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.40
Contextual Awareness: 0.80
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.50
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific embedding and LLM models used for local RAG are not detailed, leaving potential vulnerabilities to model-specific adversarial inputs or local data poisoning unassessed.

L2 · Data Operations (✓ mapped)

Minima indexes local files to build its RAG context. The primary threat is local data poisoning (e.g., placing malicious files in the indexed directory) and embedding inversion, which could expose sensitive local data if the vector store is accessed by unauthorized local processes.

L3 · Agent Frameworks (✓ mapped)

As an MCP server, Minima integrates directly into agent frameworks. Vulnerabilities lie in how the host agent handles the retrieved context, including potential prompt injection vulnerabilities if the retrieved local text contains malicious instructions.

L4 · Deployment & Infrastructure (✓ mapped)

Minima runs locally on-device. The risk is tied to the host environment's security; if the process runs with elevated privileges, a directory traversal vulnerability in the indexing tool could allow access to restricted system files.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in logging, evaluation metrics, or guardrails to monitor what data is being indexed or retrieved by the MCP server.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The primary security control is directory scoping (limiting the indexer to specific folders). However, there are no explicit authentication or authorization mechanisms mentioned to restrict which local agents or users can query the MCP server.

L7 · Agent Ecosystem (✓ mapped)

Minima is designed to serve context to other agents in an ecosystem. A compromised or rogue agent in the same environment could abuse this trust relationship to query Minima and exfiltrate sensitive local files.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).