AgentReadyHomeAgent Listing

← Nily AI

Nily AI — agentic threat model

8.1AIVSS 8.1 · High

Nily AI presents a moderate-to-high risk profile primarily due to its deployment as a Chrome extension with access to active browser DOM, emails, and document uploads, combined with a lack of explicit security controls or sandboxing.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.8AARS uplift 1.28Factor sum 3.8/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.10
Dynamic Tool Use
0.50
Persistent Memory
0.30
Contextual Awareness
0.70
Dynamic Identity
0.20
Multi-Agent Interactions
0.20
Non-Determinism
0.60
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

Integrates with multiple third-party LLMs (GPT-4o, Gemini, Claude, Mistral, Llama). Primary threats include prompt injection bypassing safety guardrails of underlying models, and model-specific vulnerabilities that could lead to unexpected or malicious outputs.

L2 · Data Operations✓ mapped

Processes user-provided PDFs, web page content, and text for translation/OCR. Threats include data exfiltration via prompt injection, processing malicious documents designed to exploit parser vulnerabilities, and lack of clarity on data retention policies.

L3 · Agent Frameworks✓ mapped

Orchestrates 20+ specialized assistants, including email drafting and automation of repetitive tasks. Threats include insecure tool integration (e.g., if email drafting can be manipulated into unauthorized sending) and prompt injection hijacking the orchestration logic.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — As a Chrome extension, the primary infrastructure threat is client-side security, including potential DOM injection, cross-site scripting (XSS) within the sidebar, and insecure storage of API keys or session tokens in the browser.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in guardrails, input/output filtering, or logging mechanisms to detect and prevent malicious prompts or anomalous model behavior.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — The platform is closed-source and freemium with no explicit mention of compliance certifications (such as SOC2 or ISO), data encryption standards, or enterprise-grade access controls.

L7 · Agent Ecosystem✓ mapped

While it offers multiple 'assistants' and model comparison, there is no evidence of complex multi-agent collaboration or marketplace interactions, limiting the risk of cascading agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).