
slidev — agentic threat model

AIVSS 8.2 · High

The slidev agent poses a moderate security risk primarily due to its capability to generate executable Vue components and Markdown files. If compromised or subjected to prompt injection, it could output malicious scripts that execute locally on a developer's machine during slide rendering.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.8
AARS uplift: 0.42
Factor sum: 1.9 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

With these inputs, AARS = (10 − 7.8) × (1.9 / 10) × 1.0 = 0.418 ≈ 0.42, and AIVSS = (7.8 + 0.42) × 1.0 = 8.22, reported as 8.2.
Agentic risk factor            Score
Autonomy of Action             0.30
Goal-Driven Planning           0.20
Self-Modification              0.00
Dynamic Tool Use               0.30
Persistent Memory              0.00
Contextual Awareness           0.40
Dynamic Identity               0.00
Multi-Agent Interactions       0.00
Non-Determinism                0.50
Opacity & Reflexivity          0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary because the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying foundation model is not specified. Standard threats include prompt injection leading to the generation of malicious Vue scripts or XSS payloads in the slides.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — No explicit data storage or vector database is mentioned. The agent likely operates on local Markdown/Vue files, risking local file exfiltration if prompted maliciously.

L3 · Agent Frameworks (✓ mapped)

The agent authors Slidev deck files containing Markdown and embedded Vue components. The primary threat is insecure tool integration or prompt injection leading to the generation of arbitrary, executable Vue/JS code.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting environment is unspecified, but as an open-source skill, it likely runs locally on a developer's machine, meaning compromised outputs (Vue components) execute with the user's local privileges.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in guardrails, output sanitization, or logging to detect malicious code generation before it is written to disk.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No authentication, authorization, or compliance frameworks are detailed. Security relies entirely on the user manually reviewing the generated Markdown and Vue code.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — No multi-agent interactions or marketplace integrations are described, limiting ecosystem-level cascading risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).