AgentReady · Agent Listing


python-testing-patterns — agentic threat model

AIVSS 6.6 · Medium

The python-testing-patterns agent skill presents a low direct agentic risk due to its passive nature as a guidance loader, but it introduces supply-chain risks if compromised, as it influences the generation of unit, integration, and CI test suites.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 6.3 · AARS uplift 0.3 · Factor sum 0.8/10 · Threat ×1.0 · Mitigation ×1.0
Agentic risk factors (each scored 0.00 to 1.00):

Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary for layers that the public description does not address.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The skill is model-agnostic but relies on an underlying LLM to interpret and apply the Python testing patterns, making it susceptible to prompt injection or model alignment issues that could alter the generated test code.

L2 · Data Operations (✓ mapped)

The skill acts as a static knowledge base of Python testing patterns. The primary threat is data poisoning of the source repository, which could lead to the injection of insecure testing patterns (e.g., weak mocks or disabled security checks) into the agent's knowledge base.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — It is unclear how the host agent framework integrates this skill, but insecure tool integration or framework-level prompt injection could allow an attacker to bypass the intended testing patterns and execute arbitrary code during test generation.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment environment of the agent using this skill is unspecified, but if the agent executes the generated tests (especially async/DB tests) without a secure, sandboxed container, it poses a risk of host compromise.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No guardrails or logging mechanisms are mentioned that would detect the agent generating malicious test suites or the loaded patterns having been tampered with.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No identity, authorization, or compliance controls are described. If used in enterprise CI/CD pipelines, the lack of access controls on who can modify or load this skill poses compliance risks.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — While tagged as an 'Agent Skill', there is no explicit multi-agent interaction described, though a compromised skill could propagate insecure code patterns to other downstream agents in a shared ecosystem.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).