SkillMap: AI Skill manager — agentic threat model
SkillMap acts as a centralized control plane for distributing AI skills across developer IDEs, presenting a high-impact supply chain risk where compromise could allow malicious code propagation to multiple developer environments.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Rationale |
| --- | --- | --- |
| Autonomy of Action | 0.30 | |
| Goal-Driven Planning | 0.10 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.40 | |
| Persistent Memory | 0.20 | |
| Contextual Awareness | 0.20 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.10 | |
| Non-Determinism | 0.20 | |
| Opacity & Reflexivity | 0.20 | |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimated from the agent's described capabilities rather than from an inspection of its code.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged "not certain from the listing" carry general, caveated commentary because the public description does not pin down that layer.
1. Foundation Models (not certain from the listing): The listing does not specify which foundation models power SkillMap's search or management capabilities.
2. Data Operations (not certain from the listing): The listing mentions searching and version tracking of AI skills, but does not detail the underlying database, vector store, or data lineage mechanisms.
3. Agent Frameworks (not certain from the listing): While SkillMap acts as a control plane for 'AI skills', its own internal orchestration framework, memory, and tool-calling mechanisms are not disclosed.
4. Deployment and Infrastructure (not certain from the listing): The agent distributes skills across IDEs and centralizes updates, but the hosting environment, sandboxing of installed skills, and secrets management are not described.
5. Evaluation and Observability (not certain from the listing): There is no mention of evaluation metrics, guardrails, or observability logging for the skills being deployed or for the control plane itself.
6. Security and Compliance (not certain from the listing): The listing does not detail authentication, authorization, or compliance certifications for managing and distributing code/skills across enterprise IDEs.
7. Agent Ecosystem: SkillMap acts as a central repository and control plane for 'AI skills' across multiple IDEs. This introduces significant supply chain risk: a single compromised skill could be distributed to many developer environments, leading to cascading trust abuse.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).