Tennr — agentic threat model

AIVSS 9.4 · Critical

Tennr presents a high-risk profile due to its direct integration with Electronic Health Records (EHR) and processing of highly sensitive Protected Health Information (PHI). Its reliance on parsing untrusted external documents (faxes) exposes it to indirect prompt injection risks that could compromise downstream clinical workflows.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.87 · Factor sum 5.3/10 · Threat ×1.1 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.60
Contextual Awareness: 0.80
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses RaeLLM™ 7B, a specialized model trained on 3 million healthcare documents. Threats include theft of this proprietary model and adversarial prompt injection embedded in processed medical documents.

L2 · Data Operations · ✓ mapped

Processes highly sensitive PHI from faxes, paperwork, and EHRs. Major threats include indirect prompt injection via malicious incoming faxes designed to exfiltrate patient data or manipulate scheduling.

L3 · Agent Frameworks · ✓ mapped

Orchestrates workflows across EHR integrations, patient communications, and insurance verification. Vulnerabilities include insecure tool integration with EHR APIs and unauthorized tool execution if the agent is manipulated.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — details regarding the hosting environment, API gateway security, and sandboxing of the document processing engine are not specified.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no explicit mention of real-time guardrails, output validation, or drift detection for the RaeLLM model outputs.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — while healthcare operations imply HIPAA compliance, specific access controls, audit logging, and encryption standards are not detailed in the public listing.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — there is no indication of multi-agent orchestration or marketplace dependencies; the agent operates as a vertical solution.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).