skill-bus — agentic threat model
skill-bus acts as an orchestration middleware for declarative skill composition and context injection, presenting risks of malicious skill injection and unauthorized tool execution if the declarative configurations are tampered with.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.30 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.20 |
| Dynamic Tool Use | 0.70 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.50 |
| Non-Determinism | 0.30 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — skill-bus is a meta-plugin for skill composition and does not specify or bundle a foundation model.
Layer 2, Data Operations: Not certain from the listing — skill-bus manages skill composition and context injection, but does not detail its own vector stores or data pipelines.
Layer 3, Agent Frameworks: skill-bus operates directly at this layer by enabling declarative skill composition and context/condition injection. The primary threats are insecure skill composition, malicious context injection, and the bypass of execution conditions within the orchestration framework.
Layer 4, Deployment and Infrastructure: Not certain from the listing — skill-bus is a zero-dependency meta-plugin, but its deployment environment (sandboxing, hosting) is not specified.
Layer 5, Evaluation and Observability: Not certain from the listing — there is no mention of built-in logging, evaluation, or guardrails for the skill composition.
Layer 6, Security and Compliance: Not certain from the listing — the listing does not mention authentication, authorization, or policy enforcement mechanisms for skill execution.
Layer 7, Agent Ecosystem: By enabling multi-skill composition and injection of skills into other skills, it facilitates a local ecosystem of tools/agents. Threats include cascading failures across composed skills and unauthorized skill-to-skill interactions.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).