AgentReadyHome · Agent Listing


Shobana — agentic threat model

AIVSS 7.0 · High

Shobana is a low-autonomy slide-generation agent. Its primary security risks stem from its integrations with external platforms such as Google Slides and PowerPoint, where a compromised OAuth token or a prompt injection could lead to unauthorized access to user data or to the generation of malicious slide content.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.3
AARS uplift: 0.7
Factor sum: 1.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.00 to 1.00):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
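As an added worked example (not part of the listing), the following Python recomputes the score above from the factor values shown, using the formula exactly as the page states it. Two things are assumptions rather than facts from the page: the qualitative bands are the CVSS v3.x ratings (None/Low/Medium/High/Critical), which agree with the page's "High" for 7.0, and plain rounding to one decimal is what reproduces the displayed 0.7 and 7.0.

```python
# Added worked example (not the AgentReadyHome listing's own code): recompute the
# Shobana AIVSS score from the factor values shown on the page, using the
# formula as the page states it:
#   AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
#   AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM

# Assumption: AIVSS uses the CVSS v3.x qualitative bands. The page's
# "7.0 · High" is consistent with them.
SEVERITY_BANDS = (
    (0.0, 0.0, "None"),
    (0.1, 3.9, "Low"),
    (4.0, 6.9, "Medium"),
    (7.0, 8.9, "High"),
    (9.0, 10.0, "Critical"),
)

# Ten agentic risk factors, each scored in [0, 1]; values copied from the page.
SHOBANA_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.30,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.20,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def factor_sum(factors):
    """Sum the ten factors after range-checking each of them."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic AI Risk Score: (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """(CVSS_Base + AARS) x Mitigation_Factor, capped at 10 and rounded to one decimal."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    # Assumption: plain one-decimal rounding, which reproduces the page's 7.0.
    return round(min(raw, 10.0), 1)


def severity(score):
    """Map a rounded score onto its qualitative band."""
    for low, high, label in SEVERITY_BANDS:
        if low <= score <= high:
            return label
    raise ValueError(f"score out of range: {score}")


def score_report(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return the intermediate values a reviewer would want to check, not just the total."""
    total = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 1),
        "aivss": total,
        "severity": severity(total),
        # The uplift is scaled by (10 - CVSS_Base), so with ThM and mitigation at 1.0
        # the agentic factors alone can never push the total past 10.
        "max_possible_uplift": round(10.0 - cvss_base, 1),
    }


if __name__ == "__main__":
    print(score_report(6.3, SHOBANA_FACTORS))
    # Same inputs with a sub-1.0 mitigation factor, to show how mitigations move the band.
    print(score_report(6.3, SHOBANA_FACTORS, mitigation_factor=0.8))
```

Running it reproduces the page's 1.9 factor sum, 0.7 uplift and 7.0 (High). Because AARS is scaled by (10 − CVSS_Base), the agentic uplift is bounded by 3.7 for this agent; the second report shows that a mitigation factor of 0.8 would drop the same inputs to 5.6 (Medium), which is where a reviewer would check whether the page's ×1.0 mitigation is justified.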

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing: the agent likely uses commercial LLMs and text-to-image models to generate slide text and layouts. If so, prompt injection through user prompts or imported template text could steer those models into producing inappropriate, biased, or malicious content inside the slides.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing: the agent processes user-provided prompts and template assets. If those inputs are logged, cached, or reused for downstream model training without anonymization, sensitive data contained in a prompt or template could be exposed.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing: the agent orchestrates prompt parsing and layout mapping. If model output is mapped to PowerPoint or Google Slides API calls without validation, an injected instruction in a prompt or template could cause unintended API actions to be performed with the user's credentials.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing: hosted as a closed-source web application. The primary infrastructure risk is the storage of third-party OAuth tokens (e.g. Google Drive/Slides access tokens). If the token store is compromised, an attacker gains the same access to users' cloud storage that the agent holds, for as long as the tokens remain valid and are not revoked.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing: no details are given about output filtering, content moderation, or input guardrails, so nothing indicates how the generation of copyright-infringing or abusive visual assets would be detected or prevented.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing: the agent requires integration with external presentation suites. Security risks include over-privileged OAuth scopes (requesting more of a user's Drive or Slides than slide generation needs) and the absence of transparent policies on user data retention and privacy.
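The over-privileged-scope risk noted here and the token-compromise risk under L4 come down to the same question: how much can a stolen token reach? The following Python is an added example (not the listing's or Shobana's own code) that checks the scopes in a Google OAuth 2.0 authorization request against a least-privilege allow-list. The scope URLs are real Google API scopes; the assumption that slide generation needs only `presentations` plus `drive.file` (rather than full `drive`), and the two authorization URLs, are constructed for illustration.

```python
# Added example (not the AgentReadyHome listing's or Shobana's code): review the
# Google OAuth scopes an agent requests against a least-privilege allow-list for
# a slide-generation use case. Scope URLs are real Google API scopes; the
# authorization-request URLs below are constructed for illustration.
from urllib.parse import parse_qs, urlsplit

# Least privilege for "create and edit the decks this app makes": Slides access
# plus per-file Drive access only. Assumption: this is all Shobana's use case
# needs; the listing does not state which scopes it actually requests.
ALLOWED_SCOPES = {
    "https://www.googleapis.com/auth/presentations",
    "https://www.googleapis.com/auth/drive.file",
}

# Scopes whose compromise exposes data the agent never needs: full Drive read
# or read/write, i.e. every file in the user's Drive, not just the app's decks.
OVERBROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/drive.readonly",
}


def requested_scopes(auth_url):
    """Extract the space-separated OAuth 2.0 'scope' parameter from an authorization URL."""
    query = parse_qs(urlsplit(auth_url).query)
    raw = query.get("scope", [""])[0]
    return set(raw.split())


def review_scopes(auth_url, allowed=ALLOWED_SCOPES, overbroad=OVERBROAD_SCOPES):
    """Report scopes that exceed the allow-list, and allowed scopes that were not requested.

    'overbroad' lists requested scopes known to exceed the use case,
    'unexpected' lists requested scopes outside the allow-list that are not on
    the known-overbroad list, and 'missing' lists allowed scopes not requested.
    All three empty means the request is within least privilege for this use case.
    """
    requested = requested_scopes(auth_url)
    excess = requested - allowed
    return {
        "overbroad": sorted(excess & overbroad),
        "unexpected": sorted(excess - overbroad),
        "missing": sorted(allowed - requested),
    }


# Constructed authorization requests: the weak one asks for full Drive access,
# the hardened one asks only for the files the app itself creates.
WEAK_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=example&response_type=code"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive"
    "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fpresentations"
)
HARDENED_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth?client_id=example&response_type=code"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcb"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file"
    "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fpresentations"
)

if __name__ == "__main__":
    print("weak:    ", review_scopes(WEAK_AUTH_URL))
    print("hardened:", review_scopes(HARDENED_AUTH_URL))
```

The weak request is flagged for the full `drive` scope and for not requesting `drive.file`; the hardened request passes cleanly. The same review applies to the token-store risk under L4: a token carrying only `presentations` and `drive.file` limits what an attacker can read or modify to the decks the app itself created, whereas a token carrying `drive` exposes the user's entire Drive for its remaining lifetime.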

L7 · Agent Ecosystem (✓ mapped)

The agent operates as a standalone utility with no multi-agent collaboration or marketplace integrations, which minimizes ecosystem-level cascading risk.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).