schema-markup-generator (NotFair) — agentic threat model
The schema-markup-generator presents a moderate risk profile primarily driven by its write capabilities; if subjected to indirect prompt injection via source web pages, it could generate and write malicious JSON-LD (potentially leading to Stored XSS or SEO poisoning) directly to web environments without validation.
OWASP AIVSS score rationale
| Agentic risk factor | Estimated value |
| --- | --- |
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.00 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.30 |
| Opacity & Reflexivity | 0.20 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Not certain from the listing — likely relies on a commercial or open-source LLM to parse page content and structure it. It is highly vulnerable to indirect prompt injection if the source page content contains adversarial instructions designed to hijack the model's output.
Not certain from the listing — operates on transient page content rather than a persistent vector database. The primary data risk is ingestion of untrusted, user-generated, or poisoned web page content during the read phase.
Not certain from the listing — likely orchestrated as a single-purpose skill. The main framework risk is insecure tool integration during the 'write' phase, especially if the agent has direct write access to a CMS or file system without strict schema validation.
Not certain from the listing — deployment context is undefined. If run locally or within a shared server environment without strict containerization, a compromise of the execution environment could lead to local file access or privilege escalation.
Not certain from the listing — there is no mention of output validation, syntax checking, or guardrails to ensure the generated JSON-LD is safe and conforms strictly to schema.org specifications before being written.
Not certain from the listing — lacks visible access control, authentication, or audit logging mechanisms to track when, where, and by whom the schema generation is triggered and written.
As part of the NotFair SEO/ads suite, this skill may interact with or be triggered by other agents in the suite. A compromise in one part of the suite could cascade, allowing malicious schema generation to be automated across multiple domains.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
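The missing write-phase validation noted above can be closed with a gate that generated JSON-LD must pass before it is written. The sketch below is an added example, not code from NotFair or from this listing. The allowlists, function names and sample strings are assumptions made for illustration.

```python
import json

# Assumed policy for this sketch: the type allowlist and URL-bearing keys are illustrative.
ALLOWED_CONTEXTS = {"https://schema.org", "http://schema.org"}
ALLOWED_TYPES = {"Article", "Product", "Organization", "Person", "Offer", "FAQPage"}
URL_KEYS = {"url", "image", "logo", "sameAs"}
MAX_DEPTH = 8

def _check(node, path, depth, errors):
    """Walk the parsed document and record every policy violation."""
    if depth > MAX_DEPTH:
        errors.append(f"{path}: nesting too deep")
    elif isinstance(node, dict):
        kind = node.get("@type")
        if "@type" in node and not (isinstance(kind, str) and kind in ALLOWED_TYPES):
            errors.append(f"{path}: @type {kind!r} not allowlisted")
        for key, value in node.items():
            if key in URL_KEYS:
                for u in (value if isinstance(value, list) else [value]):
                    if isinstance(u, str) and not u.lower().startswith(("https://", "http://")):
                        errors.append(f"{path}.{key}: not an http(s) URL")
            _check(value, f"{path}.{key}", depth + 1, errors)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _check(item, f"{path}[{i}]", depth + 1, errors)
    elif isinstance(node, str) and ("<" in node or ">" in node):
        errors.append(f"{path}: markup characters in string value")  # strict by choice

def validate_jsonld(raw):
    """Return (doc, errors); doc is None when the generated output is rejected."""
    try:
        doc = json.loads(raw)
    except (ValueError, RecursionError) as exc:
        return None, [f"$: not valid JSON ({exc})"]
    if not isinstance(doc, dict):
        return None, ["$: top level must be a JSON object"]
    errors = []
    ctx = doc.get("@context")
    if not (isinstance(ctx, str) and ctx.rstrip("/") in ALLOWED_CONTEXTS):
        errors.append("$: @context must be schema.org")
    if "@type" not in doc:
        errors.append("$: missing @type")
    _check(doc, "$", 0, errors)
    return (None, errors) if errors else (doc, [])

def to_script_tag(doc):
    """Serialize for HTML embedding; escaped '<', '>' and '&' cannot close the script element."""
    body = json.dumps(doc).replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")
    return f'<script type="application/ld+json">{body}</script>'

# Constructed samples: one clean document and one shaped like injected model output.
GOOD = '{"@context": "https://schema.org", "@type": "Article", "headline": "Release notes", "url": "https://example.com/notes"}'
INJECTED = '{"@context": "https://schema.org", "@type": "Article", "headline": "x</script><b>injected</b>", "url": "javascript:void(0)"}'
```

Rejecting any string that contains `<` or `>` is deliberately strict. The escaping in `to_script_tag` is the control that still holds if that rule is relaxed.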