postmortem-writing — agentic threat model

AIVSS 6.1 · Medium

The postmortem-writing agent skill presents low direct execution risk but moderate data confidentiality risk, as it processes sensitive post-incident reports containing system vulnerabilities and timelines. Its primary threat vector is prompt injection or data poisoning designed to obfuscate root causes or exfiltrate sensitive operational data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3 · AARS uplift 0.75 · Factor sum 1.6/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.40
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — assumes standard LLM vulnerabilities where prompt injection could force the model to generate biased, non-blameless, or completely fabricated root-cause analyses, or leak system details from its context window.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — the skill processes incident timelines and logs. If these inputs are retrieved via RAG or external databases, there is a risk of data exfiltration or log poisoning to manipulate the postmortem outcome.

L3 · Agent Frameworks ✓ mapped

The skill injects structure and facilitation guidance into the host agent. If the orchestration framework does not properly sanitize the generated postmortem markdown or attempts to automatically execute the generated 'actionable follow-ups' without human-in-the-loop approval, it could lead to unauthorized system changes.
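One way a host framework could apply both L3 controls, shown as an added example that is not code from the skill or its listing: the generated markdown is sanitized before rendering, and follow-ups stay proposals until a human approves them. All function names, the sample text and the reviewer address are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample of agent-generated postmortem output (not from a real incident).
SAMPLE = """## Follow-ups
- [ ] Rotate the API key for the billing service
- [ ] Run `kubectl delete ns staging` to clear stuck pods
<script src="https://cdn.example/x.js"></script>
See the [runbook](javascript:void0) and the [wiki](https://wiki.example/pm).
"""

LINK_RE = re.compile(r"\[([^\]]*)\]\(([^)\s]*)\)")   # [label](target)
ITEM_RE = re.compile(r"^\s*[-*]\s*\[\s?\]\s*(.+)$")  # "- [ ] task" checklist line

def sanitize_markdown(text: str) -> str:
    """Drop link targets that are not http(s) and neutralize raw HTML."""
    def fix_link(m: re.Match) -> str:
        ok = m.group(2).lower().startswith(("https://", "http://"))
        return m.group(0) if ok else m.group(1)  # keep only the label if unsafe
    # Escaping "<" stops inline HTML and <scheme:...> autolinks from rendering.
    return LINK_RE.sub(fix_link, text).replace("<", "&lt;")

@dataclass
class FollowUp:
    text: str
    approved_by: str = ""  # filled in only by a human reviewer

def extract_follow_ups(text: str) -> list[FollowUp]:
    """Parse checklist items as proposals; nothing is approved by default."""
    return [FollowUp(m.group(1).strip())
            for line in text.splitlines() if (m := ITEM_RE.match(line))]

def approve(item: FollowUp, reviewer: str) -> None:
    """Record an explicit human decision (assumed to come from a review UI)."""
    item.approved_by = reviewer

def releasable(items: list[FollowUp]) -> list[str]:
    """Only approved items may be handed to any automation."""
    return [i.text for i in items if i.approved_by]

if __name__ == "__main__":
    print(sanitize_markdown(SAMPLE))
    items = extract_follow_ups(SAMPLE)
    approve(items[0], "reviewer@example.com")
    print(releasable(items))
```

The destructive `kubectl` item is parsed but never released, because no reviewer approved it.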

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — depends entirely on the host agent's deployment environment. If the generated postmortem reports are compiled using local PDF/HTML generators, vulnerabilities in those compilers could be exploited via malicious incident data.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — there are no mentioned guardrails or evaluation mechanisms to verify the accuracy of the generated timeline or to detect hallucinated root causes, which could lead to incorrect engineering decisions.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — postmortems naturally contain highly sensitive data regarding system vulnerabilities and operational weaknesses. The listing does not indicate any built-in compliance controls, data redaction, or access policy enforcement for this sensitive output.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — if this skill is triggered automatically by other agents (e.g., an on-call alerting agent), a compromise in the upstream agent could allow an attacker to auto-generate misleading postmortems to cover their tracks during an active breach.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).