AgentReady · Agent Listing

Pg Aiguide — agentic threat model

AIVSS 8.1 · High

Pg Aiguide acts as an MCP server that provides PostgreSQL context and skills to AI agents. Its risks centre on database schema exposure and on unauthorized query execution if it is integrated insecurely with live databases.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.62
Factor sum: 2.5 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Worked through: AARS = (10 − 7.5) × (2.5 / 10) × 1.0 = 0.625, so AIVSS = (7.5 + 0.625) × 1.0 = 8.125 ≈ 8.1 (High).

Agentic risk factors (each scored 0 to 1; the ten sum to 2.5):
Autonomy of Action          0.20
Goal-Driven Planning        0.10
Self-Modification           0.00
Dynamic Tool Use            0.50
Persistent Memory           0.10
Contextual Awareness        0.40
Dynamic Identity            0.10
Multi-Agent Interactions    0.60
Non-Determinism             0.30
Opacity & Reflexivity       0.20

Scored with the canonical OWASP AIVSS formula (see the OWASP AIVSS calculator reference); the agentic risk factors are estimates derived from the capabilities described in the listing, not from testing the agent.
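The scoring arithmetic above, carried through in code as an added example (this is not code from the listing or from the OWASP calculator). It implements the formula exactly as written on this page with Pg Aiguide's inputs and also shows what a non-unity mitigation factor does to the band. The [0, 1] range per factor, the clamp to 10 and the CVSS-style qualitative bands (Low below 4.0, Medium below 7.0, High below 9.0, otherwise Critical) are assumptions, not something the listing states:

```python
"""Added example, not the listing's or the OWASP calculator's code: the AIVSS
arithmetic shown on this page, carried through for Pg Aiguide's inputs.

Assumed (not stated on the page): each agentic factor lies in [0, 1], the
result is clamped to 10, and the qualitative band follows the CVSS scale.
"""
from typing import Mapping

# The ten agentic risk factors with the values from the listing's table.
PG_AIGUIDE_FACTORS: Mapping[str, float] = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.60,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.20,
}


def factor_sum(factors: Mapping[str, float]) -> float:
    """Sum of the agentic factors; each must be in [0, 1] (assumed range)."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor {value} outside [0, 1]")
    return sum(factors.values())


def aars(cvss_base: float, factors: Mapping[str, float],
         threat_multiplier: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM, as on this page.

    The uplift scales with the headroom (10 - CVSS_Base): a high CVSS base
    leaves little room for agentic factors to move the final score.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: Mapping[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, clamped to 10 (assumption)."""
    score = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(score, 10.0)


def rating(score: float) -> str:
    """CVSS-style band on the score rounded to one decimal (assumed scale)."""
    s = round(score, 1)
    if s == 0.0:
        return "None"
    if s < 4.0:
        return "Low"
    if s < 7.0:
        return "Medium"
    if s < 9.0:
        return "High"
    return "Critical"


def score_pg_aiguide(mitigation_factor: float = 1.0) -> dict:
    """Pg Aiguide's published inputs: CVSS base 7.5, ThM 1.0, factors above."""
    score = aivss(7.5, PG_AIGUIDE_FACTORS, 1.0, mitigation_factor)
    return {
        "aars": round(aars(7.5, PG_AIGUIDE_FACTORS), 3),
        "aivss": round(score, 1),
        "rating": rating(score),
    }


if __name__ == "__main__":
    print(score_pg_aiguide())     # listing's numbers: AARS 0.625, AIVSS 8.1, High
    print(score_pg_aiguide(0.8))  # same agent with a 0.8 mitigation factor applied
```

With the listing's inputs the function reproduces AARS 0.625 and AIVSS 8.1 (High). Applying a mitigation factor of 0.8 to the same agent gives 6.5 (Medium), which is the lever the listing leaves at ×1.0: documented controls around the database connection are what would move this score, not changes to the CVSS base.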

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not pin that layer down.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the agent is an MCP server/plugin that feeds knowledge into other AI coding tools; it names no foundation model of its own and no model-level alignment guardrails, so those risks sit with whichever agent consumes it.

L2 · Data Operations · ✓ mapped

Exposes curated PostgreSQL skills, documentation, and schema context. Risks include poisoning of the curated documentation or skills (a consuming agent treats them as trusted guidance) and exfiltration of sensitive schema details if the server is connected to a live production database.

L3 · Agent Frameworks · ✓ mapped

Uses the Model Context Protocol (MCP) to expose tools and context. Vulnerabilities in the MCP implementation or overly permissive tool definitions (for example, a tool that accepts an arbitrary SQL string) could let an orchestrating agent execute arbitrary or destructive SQL commands.

L4 · Deployment & Infrastructure · ✓ mapped

Runs as a local or containerized MCP server alongside developer IDEs. Risks include the server's port being reachable beyond the local machine, the server process holding more local privilege than it needs (a path to local privilege escalation), and no sandboxing of the process that holds the database credentials.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of built-in logging, query auditing, or evaluation guardrails that would show which schema details are being requested and returned, or by which agent.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — the listing does not describe authentication, authorization, or other access controls that restrict which agents or users can query the MCP server, or which database objects a given caller may reach.

L7 · Agent Ecosystem · ✓ mapped

Designed specifically to interface with other AI coding tools and agents over MCP. This introduces agent-to-agent trust risks: a compromised coding agent (including one steered by prompt injection) could use the Pg Aiguide server to enumerate database structures it should not see.
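One way the L3, L5 and L7 risks above are usually reduced in practice, shown as an added example that is not Pg Aiguide's own code and does not describe how its tools are actually defined. It assumes a hypothetical MCP tool that accepts a SQL string from the orchestrating agent, an `execute` callable that runs one statement on the live PostgreSQL connection (a psycopg cursor, say), and an in-memory audit list; all three are assumptions. The insecure form runs whatever it is handed. The hardened form sends a session prelude (read-only default transactions, statement timeout), passes the statement through a lexical gate that allows a single SELECT or WITH ... SELECT and refuses data-modifying tokens anywhere in it (PostgreSQL permits DELETE inside a CTE and SELECT ... INTO), and records an audit entry per call keyed by the calling agent:

```python
"""Added example, not Pg Aiguide's code: gating an agent-supplied SQL tool.

Hypothetical: the tool functions, the `execute` callable (whatever runs one
statement on the live PostgreSQL connection) and the in-memory audit list.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Sent before every agent query (idempotent). The control that really holds is a
# read-only database role; this prelude and the gate below are defence in depth.
SESSION_PRELUDE = (
    "SET default_transaction_read_only = on",
    "SET statement_timeout = '5s'",
)

# Tokens refused anywhere in the statement: PostgreSQL allows data-modifying
# CTEs (WITH d AS (DELETE ...) SELECT ...) and SELECT ... INTO, and a bare SET
# could switch default_transaction_read_only back off for the session.
FORBIDDEN = frozenset({
    "insert", "update", "delete", "merge", "truncate", "drop", "alter",
    "create", "grant", "revoke", "copy", "into", "call", "do", "execute",
    "set", "reset", "vacuum", "analyze", "cluster", "reindex", "refresh",
    "lock", "listen", "notify", "pg_read_file", "pg_read_binary_file",
    "pg_ls_dir", "lo_import", "lo_export", "pg_sleep", "pg_terminate_backend",
    "pg_cancel_backend", "set_config", "dblink", "dblink_connect",
})
_LITERAL = re.compile(r"'(?:[^']|'')*'")       # ordinary '...' literal, '' escape
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # splits on '.', so schema.func is checked per part
_RELATION = re.compile(r"(?i)\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_.]*)")


@dataclass
class QueryDecision:
    allowed: bool
    reason: str
    relations: Tuple[str, ...] = ()  # names after FROM/JOIN, for the audit trail


def gate_sql(sql: str) -> QueryDecision:
    """Allow one SELECT (or WITH ... SELECT) with no forbidden token; fail closed."""
    text = sql.strip()
    if text.endswith(";"):
        text = text[:-1].rstrip()
    if not text:
        return QueryDecision(False, "empty query")
    if re.search(r"(?i)\b(?:E'|U&)", text):      # E'...' / U&'...' change quoting rules
        return QueryDecision(False, "escape-string syntax not allowed")
    stripped = _LITERAL.sub(" ", text)           # words inside literals are data, not SQL
    if "'" in stripped:
        return QueryDecision(False, "unterminated string literal")
    if ";" in stripped:
        return QueryDecision(False, "multiple statements not allowed")
    if "--" in stripped or "/*" in stripped:
        return QueryDecision(False, "comments not allowed")
    if re.search(r"\$[A-Za-z_]*\$", stripped):   # $$...$$ and $tag$...$tag$ bodies
        return QueryDecision(False, "dollar quoting not allowed")
    tokens = [t.lower() for t in _IDENT.findall(stripped)]
    if not tokens or tokens[0] not in ("select", "with"):
        return QueryDecision(False, "only SELECT or WITH ... SELECT is allowed")
    bad = sorted(set(tokens) & FORBIDDEN)
    if bad:
        return QueryDecision(False, "forbidden token(s): " + ", ".join(bad))
    relations = tuple(r.lower() for r in _RELATION.findall(stripped))
    return QueryDecision(True, "ok", relations)


@dataclass
class AuditEntry:
    agent_id: str
    allowed: bool
    reason: str
    relations: Tuple[str, ...]
    sql: str


def run_sql_tool_insecure(sql: str, execute: Callable[[str], object]) -> object:
    """The insecure tool definition the L3 entry warns about: agent text runs verbatim."""
    return execute(sql)


def run_sql_tool_hardened(agent_id: str, sql: str, execute: Callable[[str], object],
                          audit: List[AuditEntry]) -> object:
    """Gate the statement, record the decision per calling agent, then run it
    under the read-only prelude. Rejections raise and are audited too."""
    decision = gate_sql(sql)
    audit.append(AuditEntry(agent_id, decision.allowed, decision.reason,
                            decision.relations, sql))
    if not decision.allowed:
        raise PermissionError(decision.reason)
    for stmt in SESSION_PRELUDE:
        execute(stmt)
    return execute(sql)
```

To try it offline, pass `lambda s: sent.append(s) or "rows"` as `execute` with `sent = []`: an allowed query arrives after the two prelude statements, and a rejected one never reaches `execute` but still appears in `audit` with the reason and calling agent. The gate is defence in depth only: a lexical filter cannot enumerate every side-effecting function, so the control that actually holds is connecting as a role that has SELECT on just the schemas the agent needs, with `default_transaction_read_only` set on that role. Tokens such as `set`, `into` or `lock` that collide with a column or table name cause false rejections, which is the intended failure direction for agent-originated SQL.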

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).