
People Data Labs (Composio MCP) — agentic threat model

AIVSS 7.4 · High

This agent presents a high data-privacy and compliance risk due to its ability to perform bulk lookups of sensitive third-party PII (emails, employment, social profiles) via a managed API key, making it a prime target for automated harvesting and reconnaissance.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 0.75
Factor sum: 3.0 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

With these inputs, AARS = (10 − 7.5) × (3.0 / 10) × 1.0 = 0.75, and AIVSS = (7.5 + 0.75) × 0.9 = 7.425, reported as 7.4.
Agentic risk factors (each 0.0 to 1.0):

Autonomy of Action: 0.40
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.50
Non-Determinism: 0.30
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
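The score above worked through in Python, as an added example that is not code from the listing, AgentReady, or OWASP: it implements the formula exactly as quoted, feeds it the page's ten factor values, and reproduces the 7.4. The input range checks, the clamp at 10.0 and the use of CVSS v3.x-style severity bands for the qualitative label are assumptions of this example, as are all function and constant names.

```python
"""Worked AIVSS computation for this listing's 7.4 score.

Added example (not code from the listing, AgentReady, or OWASP): it
reimplements the formula quoted above, checks the inputs, and reproduces
the page's result. Function and constant names are this example's own.
"""

# Factor names in the order the rationale table lists them.
AGENTIC_FACTORS = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# The ten factor values given on this page for the PDL/Composio agent.
PDL_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.50,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.30,
}


def factor_sum(factors):
    """Sum of the ten agentic factors, each validated to lie in [0, 1]."""
    missing = set(AGENTIC_FACTORS) - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    for name in AGENTIC_FACTORS:
        if not 0.0 <= factors[name] <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {factors[name]}")
    return sum(factors[name] for name in AGENTIC_FACTORS)


def aars(cvss_base, factors, threat_multiplier=1.0):
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM, as quoted above."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal.

    The clamp to 10.0 and the range check on the mitigation factor are this
    example's assumptions; the page only shows the values it used (x1.0, x0.9).
    """
    if not 0.0 < mitigation_factor <= 1.0:
        raise ValueError("mitigation factor is a multiplier in (0, 1]")
    uplift = aars(cvss_base, factors, threat_multiplier)
    return round(min((cvss_base + uplift) * mitigation_factor, 10.0), 1)


def severity(score):
    """Qualitative band. Assumes the CVSS v3.x bands apply to the AIVSS value."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_this_listing():
    """Reproduce the page's inputs: CVSS 7.5, ThM 1.0, mitigation 0.9."""
    total = aivss(7.5, PDL_FACTORS, threat_multiplier=1.0, mitigation_factor=0.9)
    return total, severity(total)


if __name__ == "__main__":
    print("factor sum:", round(factor_sum(PDL_FACTORS), 2))
    print("AARS:", round(aars(7.5, PDL_FACTORS), 2))
    print("AIVSS:", score_this_listing())
```

The validation step matters when the factors are estimated by hand, as this listing's were: a single factor entered as 4.0 instead of 0.40 would push the uplift past what the formula intends, and the checks reject it rather than silently producing a plausible-looking number.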

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying LLM is not specified. Standard foundation model risks apply: prompt injection, whether carried in a caller's instructions or in data the agent processes, could steer the agent into unauthorized bulk lookups or into disclosing its system prompt.

L2 · Data Operations (✓ mapped)

The agent directly queries and returns sensitive third-party PII (emails, employment, social profiles) at scale. This creates a high risk of data exfiltration, scraping, and compliance violations (GDPR/CCPA) if the volume and scope of queries are not strictly bounded.

L3 · Agent Frameworks (✓ mapped)

As an MCP tool wrapper, the agent is vulnerable to tool misuse. An orchestrator or malicious prompt could abuse the 'enrich' and 'search' tools to run unauthorized bulk lookups, draining API credits or harvesting data.

L4 · Deployment & Infrastructure (✓ mapped)

Composio handles authentication and manages the PDL API key on the user's behalf. The primary infrastructure risk is exposure or leakage of that managed key, for example through a flaw in the Composio connection or through insecure session handling.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of logging, rate-limiting, or guardrails to detect and block anomalous bulk lookup patterns or unauthorized PII harvesting attempts.
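The tool-misuse concern under L3 and the missing guardrails under L5 point at the same control: something in front of the lookup tools that knows which caller may use which tool and notices when one caller starts enumerating many distinct people. The sliding-window guard below is an added example, not code from the listing, Composio or People Data Labs. The event shape, the callers, the tool names 'enrich' and 'search', the thresholds and the permission table are all constructed for the example; a real deployment would feed it from the MCP gateway's own call log.

```python
"""Sliding-window abuse guard for PII lookup tools.

Added example (not from the listing, Composio or People Data Labs). It models
the L3/L5 concern above: an agent hammering 'enrich'/'search' style tools to
harvest PII. Event shape, caller ids, thresholds and the permission table are
constructed for this example.
"""
from collections import defaultdict, deque, namedtuple

Decision = namedtuple("Decision", "allowed reason")

# Constructed permission table: which caller may invoke which lookup tool.
PERMITTED_TOOLS = {
    "sales-assistant": {"enrich"},
    "recon-agent": {"enrich", "search"},
}

# Constructed call log as (epoch_seconds, caller, tool, target), in time order.
CONSTRUCTED_EVENTS = [
    (1000, "sales-assistant", "enrich", "a.lee@example.com"),
    (1005, "sales-assistant", "enrich", "b.ng@example.com"),
    (1010, "sales-assistant", "search", "company:example.com"),  # not permitted
] + [
    # twelve distinct people looked up in twelve seconds: harvesting pattern
    (1100 + i, "recon-agent", "enrich", f"user{i}@example.com") for i in range(12)
]


class LookupGuard:
    """Per-caller guard enforcing a tool allowlist, a call-rate cap and a cap
    on distinct lookup targets inside one sliding window. Events must be fed
    in non-decreasing timestamp order for the window pruning to be correct."""

    def __init__(self, permitted_tools, window_s=60, max_calls=50,
                 max_distinct_targets=10):
        self.permitted_tools = permitted_tools
        self.window_s = window_s
        self.max_calls = max_calls
        self.max_distinct_targets = max_distinct_targets
        self._history = defaultdict(deque)  # caller -> deque of (ts, target)

    def check(self, ts, caller, tool, target):
        allowed = self.permitted_tools.get(caller)
        if allowed is None:
            return Decision(False, "unknown_caller")
        if tool not in allowed:
            return Decision(False, "tool_not_permitted")
        hist = self._history[caller]
        hist.append((ts, target))  # denied attempts still count toward the window
        while hist and ts - hist[0][0] > self.window_s:
            hist.popleft()
        if len(hist) > self.max_calls:
            return Decision(False, "rate_limit")
        if len({tgt for _, tgt in hist}) > self.max_distinct_targets:
            return Decision(False, "bulk_harvest")
        return Decision(True, "ok")


def replay(events, guard):
    """Run events through the guard; returns (caller, tool, target, Decision)."""
    return [(c, tool, tgt, guard.check(ts, c, tool, tgt)) for ts, c, tool, tgt in events]


def denied_summary(results):
    """Count denials per (caller, reason); this is what an alert would carry."""
    counts = defaultdict(int)
    for caller, _, _, decision in results:
        if not decision.allowed:
            counts[(caller, decision.reason)] += 1
    return dict(counts)


def demo():
    """Replay the constructed log with the default thresholds."""
    return denied_summary(replay(CONSTRUCTED_EVENTS, LookupGuard(PERMITTED_TOOLS)))


if __name__ == "__main__":
    for (caller, reason), n in sorted(demo().items()):
        print(f"{caller}: {n} call(s) denied ({reason})")
```

On the constructed log the guard passes the sales assistant's two enrichments, rejects its search call as not permitted, and lets the reconnaissance agent through for ten distinct targets before denying the eleventh and twelfth as bulk harvesting. Counting distinct targets rather than raw calls is the point: a legitimate workflow re-enriching the same few contacts stays under the cap while an enumeration sweep trips it quickly, and the per-caller, per-tool table supplies the authorization policy the listing does not describe.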

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Significant compliance and regulatory risks exist because the agent handles PII. While Composio manages authentication, the listing describes no authorization policy defining which callers may query which subjects' data, or how much of it.

L7 · Agent Ecosystem (✓ mapped)

In a multi-agent ecosystem, other compromised or rogue agents could call these MCP tools to perform silent reconnaissance on targets, abusing the implicit trust between agents in the network and inheriting the managed PDL key's full query rights.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).