AgentReadyHomeAgent Listing

← SWE Resume

SWE Resume — agentic threat model

5.9AIVSS 5.9 · Medium

SWE Resume is a low-risk, single-purpose utility focused on resume review. Its primary security risks are concentrated around PII data privacy (handling of uploaded resumes) and basic web application security rather than agentic autonomy or systemic propagation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 0.58Factor sum 1.3/10Threat ×0.95Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.10
Contextual Awareness
0.30
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.40
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on a commercial foundation model (e.g., GPT-4) via API. Primary threats include prompt injection to bypass paywalls or extract system prompts, and mis-aligned outputs providing incorrect career advice.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — processes user-uploaded resumes containing sensitive PII. Threats include insecure temporary storage of documents, lack of data retention/deletion policies, and potential data exfiltration if third-party APIs are used without strict privacy agreements.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — likely uses a simple prompt-response wrapper rather than a complex agentic framework. Threats are limited to basic prompt injection manipulating the feedback logic.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a closed-source web application. Threats include standard web vulnerabilities (OWASP Top 10), insecure file upload handling (e.g., malicious PDF/Docx parsing exploits), and lack of infrastructure sandboxing.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of continuous evaluation, guardrails, or observability. Threats include drift in feedback quality and lack of logging for abusive or malicious inputs.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — handles highly sensitive personal data (resumes) but does not specify GDPR, CCPA, or standard encryption compliance. Threats include regulatory non-compliance and unauthorized access to user profiles.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a standalone vertical tool with no indicated multi-agent or marketplace integrations. Ecosystem threats are currently negligible.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).