Reddit MCP — agentic threat model

AIVSS 6.9 · Medium

The Reddit MCP connector presents a high risk of indirect prompt injection due to its core function of ingesting untrusted, user-generated Reddit content into an agent's context, though its direct operational capabilities are limited to read-only actions.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.8 · AARS uplift 1.13 · Factor sum 2.7/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.40
Non-Determinism: 0.60
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The connector itself does not specify a foundation model, but any LLM consuming this data is highly vulnerable to indirect prompt injection from untrusted Reddit posts.

L2 · Data Operations (✓ mapped)

Reads public Reddit data via API. The primary threat is data poisoning and indirect prompt injection via untrusted user-generated content (UGC) retrieved from subreddits.

L3 · Agent Frameworks (✓ mapped)

Exposes MCP tools for browsing, searching, and retrieving posts/comments. Vulnerable to tool misuse if an orchestrating agent is hijacked via prompt injection from the retrieved content.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment environment of the MCP server (local or hosted) is unspecified, but requires secure API key management for Reddit API access if rate limits or developer accounts are used.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — No built-in guardrails, sanitization, or logging of retrieved content are mentioned to detect or filter out prompt injection payloads.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Operates on public data, minimizing direct compliance risks like GDPR/PII unless personal data is scraped, but lacks input validation policies for untrusted UGC.

L7 · Agent Ecosystem (✓ mapped)

Designed as an MCP tool for other agents. A compromised or injected agent consuming this tool can propagate malicious payloads to other agents in a multi-agent system.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).