
Templafy agent — agentic threat model

AIVSS 8.1 · High

The Templafy agent presents a moderate-to-high risk profile due to its deep integration into critical enterprise systems like Salesforce and Microsoft Office, where compromised outputs or unauthorized tool execution could lead to significant data exfiltration or integrity loss.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.54
Factor sum: 3.4 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.9

Agentic risk factors (each scored 0.00 to 1.00):

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.20
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.40
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
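To make the scoring reproducible, the following is an added Python example (not part of the listing and not Templafy's or AgentReady's own code) that recomputes the score from the factor values above using the formula as stated. The CVSS base, threat multiplier, mitigation factor and the ten factor values are those on the page; the qualitative severity bands (Low / Medium / High / Critical) are an assumption borrowed from the CVSS v3.x rating scale, which the page's "8.1 · High" label is consistent with.

```python
"""Recompute an OWASP AIVSS score from its inputs.

AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# Constructed from the listing's stated values.
FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.50,
}
CVSS_BASE = 8.5
THREAT_MULTIPLIER = 1.05
MITIGATION_FACTOR = 0.9


def factor_sum(factors: dict) -> float:
    """Sum the ten agentic risk factors, rejecting out-of-range values."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1], got {value}")
    return sum(factors.values())


def aars(cvss_base: float, factors: dict, thm: float) -> float:
    """Agentic AI Risk Score: the uplift the agentic factors add on top of CVSS."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * thm


def aivss(cvss_base: float, factors: dict, thm: float, mitigation: float) -> float:
    """Final AIVSS score, capped at 10 so a large uplift cannot exceed the scale."""
    score = (cvss_base + aars(cvss_base, factors, thm)) * mitigation
    return min(score, 10.0)


def severity(score: float) -> str:
    """Qualitative band. Assumption: AIVSS reuses the CVSS v3.x rating scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def score_report(cvss_base=CVSS_BASE, factors=FACTORS,
                 thm=THREAT_MULTIPLIER, mitigation=MITIGATION_FACTOR) -> dict:
    """Return every intermediate value so a reviewer can audit the arithmetic."""
    total = aivss(cvss_base, factors, thm, mitigation)
    return {
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(aars(cvss_base, factors, thm), 2),
        "aivss": round(total, 1),
        "severity": severity(round(total, 1)),
    }


if __name__ == "__main__":
    print(score_report())
    # Same inputs with no mitigation credit, to show how much ×0.9 is doing.
    print(score_report(mitigation=1.0))
```

Running `score_report()` with the page's inputs reproduces the listed 3.4 / 0.54 / 8.1 / High. The second call is the check a reviewer usually wants: with the mitigation factor set to 1.0 the same agent lands above 9.0, so the "High" rather than "Critical" rating rests entirely on the ×0.9 mitigation credit, which the listing does not itemise.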

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary, because the public description does not give enough detail to pin that layer down.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The specific foundation models are not disclosed. The primary threat is prompt injection bypassing the 'rule-based' guardrails to generate misaligned or malicious document content.

L2 · Data Operations (✓ mapped)

The agent is grounded by organizational knowledge. This introduces risks of knowledge-base poisoning, where an attacker manipulates internal documents to corrupt the agent's output, or unauthorized data exfiltration via RAG retrieval.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates actions across Word, PowerPoint, and Salesforce. Insecure tool integration is a major threat, where malicious prompts could trigger unauthorized API calls or data modifications in Salesforce.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — No deployment, hosting, or sandboxing details are provided. Threats include infrastructure compromise of the middleware hosting the Templafy integration.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — While 'rule-based automation' implies some deterministic guardrails, there is no mention of continuous evaluation or observability tools to detect drift or anomalous agent behavior.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Because the agent operates within enterprise applications like Salesforce, it must strictly adhere to user-level authorization. The main threat is privilege escalation if the agent executes actions with broader permissions than the active user.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — The mention of 'Document agents' suggests potential multi-agent coordination, but there is no explicit detail on an ecosystem or marketplace, leaving risks of cascading agent-to-agent trust abuse unconfirmed.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).