
Ozor — agentic threat model

AIVSS 7.9 · High

Ozor presents a moderate risk profile, primarily driven by its automated brand kit extraction (which introduces SSRF and data poisoning vectors) and the potential for generating unauthorized or malicious video content via prompt injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.3
AARS uplift: 1.55
Factor sum: 4.2/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0 to 1):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.30
Contextual Awareness: 0.60
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.80
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
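To make the score arithmetic reproducible, here is an added Python example (not part of the AgentReady listing or the OWASP calculator) that carries the page's formula through with the listed factor values; the severity bands are an assumption, following the usual CVSS qualitative ranges.

```python
"""Worked AIVSS computation for the Ozor listing (added example).

Formula as shown on the page:
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
"""

# The ten OWASP AIVSS agentic risk factors (0.0 to 1.0 each), values from the listing.
OZOR_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.30,
    "Contextual Awareness": 0.60,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.60,
}
OZOR_CVSS_BASE = 6.3


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return (factor_sum, aars, aivss) per the page's formula.

    Inputs are range-checked so a mistyped factor (4.0 instead of 0.4)
    cannot silently inflate the score.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1]")
    factor_sum = sum(factors.values())
    # AARS only spends the headroom left above the CVSS base (10 - base),
    # scaled by how agentic the system is, so AIVSS stays within 0..10.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    return factor_sum, aars, (cvss_base + aars) * mitigation_factor


def severity(score):
    """Qualitative band; assumed CVSS-style ranges, not stated on the page."""
    score = round(score, 1)
    if score == 0.0:
        return "None"
    return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High" if score < 9.0 else "Critical"
```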

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin that layer down.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation models for text-to-video, image generation, and LLM orchestration are not specified, so the usual foundation-model risks (standard prompt injection, adversarial inputs, model-specific evasion techniques) cannot be ruled out.

L2 · Data Operations ✓ mapped

The agent automatically extracts brand kits from user-provided websites, which introduces risks of SSRF (server-side request forgery), malicious HTML/CSS injection, or data poisoning from compromised target sites.

L3 · Agent Frameworks ✓ mapped

Ozor orchestrates multi-step video generation and scene planning based on chat prompts. Vulnerabilities include prompt injection leading to unauthorized tool execution or generation of malicious/copyright-infringing video content.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — The hosting environment, sandboxing of video rendering engines, and protection of API keys for external asset generation are undisclosed, presenting potential container escape or resource exhaustion risks.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of content moderation filters, output guardrails, or logging mechanisms to detect and block deepfakes, misinformation, or offensive video generation.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Compliance certifications (e.g., SOC2, GDPR) and access controls for user-uploaded brand assets or generated videos are not documented.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — The agent operates as a standalone video creation tool without documented integrations into broader multi-agent ecosystems or external marketplaces.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).