People Data Labs (Composio MCP) — agentic threat model
This agent presents a high data-privacy and compliance risk due to its ability to perform bulk lookups of sensitive third-party PII (emails, employment, social profiles) via a managed API key, making it a prime target for automated harvesting and reconnaissance.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.40 | |
| Goal-Driven Planning | 0.20 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.50 | |
| Persistent Memory | 0.10 | |
| Contextual Awareness | 0.30 | |
| Dynamic Identity | 0.40 | |
| Multi-Agent Interactions | 0.50 | |
| Non-Determinism | 0.30 | |
| Opacity & Reflexivity | 0.30 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — The underlying LLM is not specified. Standard foundation-model risks such as prompt injection could be leveraged to force the agent to perform unauthorized bulk lookups or to leak its system prompt.
Layer 2 (Data Operations): The agent directly queries and returns sensitive third-party PII (emails, employment, social profiles) at scale. This creates a high risk of data exfiltration, scraping, and compliance violations (GDPR/CCPA) if queries are not strictly bounded.
Layer 3 (Agent Frameworks): As an MCP tool wrapper, the agent is exposed to tool misuse. An orchestrator or a malicious prompt could abuse the 'enrich' and 'search' tools to run unauthorized bulk lookups, draining API credits or harvesting data.
Layer 4 (Deployment & Infrastructure): Composio handles authentication and manages the PDL API key. The primary infrastructure risk is exposure or leakage of this managed API key through connection vulnerabilities or insecure session handling.
Layer 5 (Evaluation & Observability): Not certain from the listing — There is no mention of logging, rate limiting, or guardrails to detect and block anomalous bulk-lookup patterns or unauthorized PII-harvesting attempts.
Layer 6 (Security & Compliance): Significant compliance and regulatory risks exist because the agent handles PII. While Composio manages authentication, there is no clear authorization policy defining who may query whose data.
Layer 7 (Agent Ecosystem): In a multi-agent ecosystem, other compromised or rogue agents could call these MCP tools to perform silent reconnaissance on targets, abusing the implicit trust within the agent network.
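The tool-misuse and missing-guardrail points above (Agent Frameworks and Evaluation & Observability layers) can be addressed with a per-caller quota on the 'enrich' and 'search' tools. The guard below is an added example written for this page, not code from Composio or People Data Labs; the event shape (caller, tool, subject, timestamp) and the thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

# Tool names as described for this agent; the event fields (caller, tool,
# subject, ts) are an assumed log shape, not Composio's actual format.
PDL_TOOLS = {"enrich", "search"}

class BulkLookupGuard:
    """Sliding-window quota per caller on PII lookups, plus a distinct-subject
    bound so one principal cannot quietly enumerate many people."""

    def __init__(self, max_calls=20, max_subjects=10, window_s=60):
        self.max_calls = max_calls        # lookups allowed per window
        self.max_subjects = max_subjects  # distinct people/orgs per window
        self.window_s = window_s
        self._calls = defaultdict(deque)  # caller -> deque[(ts, subject)]

    def check(self, caller, tool, subject, ts):
        """Return (allowed, reason). Calls to non-PDL tools are not counted."""
        if tool not in PDL_TOOLS:
            return True, "not a PII lookup"
        q = self._calls[caller]
        while q and ts - q[0][0] > self.window_s:  # evict events past the window
            q.popleft()
        if len(q) >= self.max_calls:
            return False, f"rate: {len(q)} lookups in {self.window_s}s"
        subjects = {s for _, s in q} | {subject}
        if len(subjects) > self.max_subjects:
            return False, f"bulk: {len(subjects)} distinct subjects in window"
        q.append((ts, subject))  # only allowed lookups consume quota
        return True, "ok"

def replay(events, guard=None):
    """Run events through the guard; return the denied calls with reasons."""
    guard = guard or BulkLookupGuard()
    denied = []
    for caller, tool, subject, ts in events:
        ok, why = guard.check(caller, tool, subject, ts)
        if not ok:
            denied.append((caller, tool, subject, why))
    return denied

# Constructed events: a CRM assistant makes a few repeat lookups, while a
# second agent enumerates fifteen distinct people within one minute.
SAMPLE_EVENTS = (
    [("crm-agent", "enrich", "a@example.com", 0.0),
     ("crm-agent", "enrich", "a@example.com", 5.0),
     ("crm-agent", "search", "Example Corp", 9.0)]
    + [("recon-agent", "enrich", f"person{i}@example.com", 10.0 + i) for i in range(15)]
)

if __name__ == "__main__":
    for d in replay(SAMPLE_EVENTS):
        print("DENIED", d)
```

Denied calls are the events to alert on; the same check can sit in front of the MCP tool handler so the lookup is blocked rather than merely logged.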
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).