
terraform — agentic threat model

AIVSS 9.2 · Critical

The Terraform MCP server plugin carries significant agentic risk because it lets a model provision and modify cloud infrastructure. If the LLM driving it is manipulated (for example by prompt injection through content returned to its context), the result can be unauthorized resource destruction or privilege escalation in the target cloud account.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.74 · Factor sum 4.9/10 · Threat multiplier (ThM) ×1.0 · Mitigation factor ×1.0

Worked: AARS = (10 − 8.5) × (4.9/10) × 1.0 = 0.735; AIVSS = (8.5 + 0.735) × 1.0 = 9.235, displayed as 9.2.

Agentic risk factors (each scored 0–1; sum 4.9):
Autonomy of Action        0.70
Goal-Driven Planning      0.60
Self-Modification         0.10
Dynamic Tool Use          0.90
Persistent Memory         0.20
Contextual Awareness      0.50
Dynamic Identity          0.60
Multi-Agent Interactions  0.40
Non-Determinism           0.50
Opacity & Reflexivity     0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
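The scoring above, re-derived in code so the intermediate terms can be checked and varied. This is an added example, not OWASP's calculator and not the plugin's code; the factor values and the 8.5 CVSS base are the page's, while the severity bands are an assumption (CVSS v3.1 qualitative cut-offs, which agree with the page calling 9.2 "Critical"), and `mitigation_needed` is a helper added here to show what the mitigation factor would have to be for the score to leave the Critical band.

```python
# Added example: the page's AIVSS arithmetic re-derived in code. Not OWASP's
# calculator and not the Terraform MCP server's code. Factor values and the
# CVSS base are the page's; the severity bands are an assumption (CVSS v3.1
# qualitative scale).

# Ten agentic risk factors, each in [0, 1], as listed on the page.
FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.60,
    "Multi-Agent Interactions": 0.40,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}
CVSS_BASE = 8.5


def factor_sum(factors):
    """Sum of the ten factors; rejects anything outside the 0..1 range."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: factor must lie in [0, 1], got {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM.

    (10 - CVSS_Base) is the headroom left below the ceiling, so with ThM <= 1
    the agentic uplift alone can never push the total past 10.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor."""
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor


def severity(score):
    """Qualitative band. Assumption: CVSS v3.1 cut-offs applied to the AIVSS score."""
    s = round(score, 1)
    if s == 0.0:
        return "None"
    if s < 4.0:
        return "Low"
    if s < 7.0:
        return "Medium"
    if s < 9.0:
        return "High"
    return "Critical"


def mitigation_needed(cvss_base, factors, target, threat_multiplier=1.0):
    """Largest Mitigation_Factor that keeps AIVSS below `target` (helper added here).

    Answers "how much would documented controls have to buy to leave Critical?".
    """
    unmitigated = cvss_base + aars(cvss_base, factors, threat_multiplier)
    if unmitigated == 0:
        return 1.0
    return min(1.0, target / unmitigated)


def breakdown(cvss_base=CVSS_BASE, factors=FACTORS, threat_multiplier=1.0, mitigation_factor=1.0):
    """All intermediate terms; AARS kept to three decimals (the page shows two)."""
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "cvss_base": cvss_base,
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 3),
        "aivss": round(score, 1),
        "severity": severity(score),
    }


if __name__ == "__main__":
    print(breakdown())
    print("mitigation factor needed to leave Critical:",
          round(mitigation_needed(CVSS_BASE, FACTORS, 9.0), 3))
```

Two things the table alone does not show: the base score already dominates (8.5 of the 9.2), so shaving individual factors moves the total very little, and the mitigation factor multiplies the whole sum, so a documented control set worth roughly 0.975 or less is what it takes to drop below 9.0.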

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The listing describes an MCP server plugin wrapping Terraform, but does not specify the underlying LLM/foundation model used to drive it.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The listing mentions registry and provider integration, but does not detail how training data, RAG, or vector stores are managed for this plugin.

L3 · Agent Frameworks · ✓ mapped

The agent acts as an MCP (Model Context Protocol) server exposing Terraform registry and provider tooling. Threats include tool misuse (e.g., executing destructive Terraform plans or deleting resources on an attacker's or a confused model's instruction) and insecure tool integration (registry or provider content returned to the model's context without sanitization, and tool invocations that are not gated by a deterministic policy check before they reach the infrastructure).

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — While it interacts with cloud infrastructure via Terraform, the hosting, sandboxing, and secrets management of the MCP server itself are not detailed in the listing.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No monitoring, logging, or guardrails are mentioned in the public directory listing.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — No specific identity, authorization, policy enforcement, or compliance controls are detailed for this plugin.

L7 · Agent Ecosystem · ✓ mapped

Exposes an MCP server for integration into broader agentic workflows (multi-agent or client-agent ecosystems). Threats include agent-to-agent (A2A) trust abuse, where another agent triggers destructive IaC actions through this server without a human or a policy check in the loop.
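One way to put a deterministic check in front of the destructive actions named under L3 (tool misuse) and L7 (another agent triggering IaC destruction through this server): a pre-apply guard that a wrapper around the plugin's apply tool could run on the JSON form of a saved plan (`terraform show -json tfplan`). This is an added example, not code from the Terraform MCP server or HashiCorp. Only the plan-JSON fields it reads (`resource_changes[].address`, `.type`, `.change.actions`) are modelled; `SAMPLE_PLAN_JSON` is constructed for the example, and `PRIVILEGE_TYPES` is an assumed policy choice rather than anything the listing defines.

```python
# Added example (not code from the Terraform MCP server or HashiCorp): a
# pre-apply guard over `terraform show -json tfplan` output. The sample plan is
# constructed for this example; PRIVILEGE_TYPES is an assumed policy choice.
import json
import re

SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.prod", "type": "aws_db_instance",
         "change": {"actions": ["delete"]}},
        {"address": "aws_instance.web[0]", "type": "aws_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_iam_policy.agent", "type": "aws_iam_policy",
         "change": {"actions": ["create"]}},
        {"address": "module.net.aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["no-op"]}},
    ],
})

# Resource types whose creation or modification by an autonomous agent is itself
# a privilege-escalation path (assumed policy for this example).
PRIVILEGE_TYPES = {
    "aws_iam_policy", "aws_iam_role", "aws_iam_role_policy_attachment",
    "aws_iam_user", "aws_iam_access_key",
}

# Strips a trailing [0] / ["key"] so one allowlist entry can cover all instances.
_INDEX_SUFFIX = re.compile(r"\[[^\]]*\]$")


def classify(actions):
    """Collapse a Terraform action list into one label.

    Terraform encodes replacement as ["delete","create"] or ["create","delete"];
    both destroy the existing object, so both count as destructive here.
    """
    acts = set(actions)
    if "delete" in acts and "create" in acts:
        return "replace"
    if "delete" in acts:
        return "delete"
    if "create" in acts:
        return "create"
    if "update" in acts:
        return "update"
    return "no-op"  # covers "no-op" and "read"


def evaluate_plan(plan_json, destroy_allowlist=(), allow_privilege_changes=False):
    """Return a verdict plus every finding.

    `destroy_allowlist` holds resource addresses a human has approved for
    destruction; an entry matches the exact address or the address with its
    index suffix stripped. Anything destructive outside it blocks the apply,
    as does any change to a PRIVILEGE_TYPES resource unless explicitly allowed.
    """
    plan = json.loads(plan_json)
    allow = set(destroy_allowlist)
    findings = []
    for rc in plan.get("resource_changes", []):
        addr = rc["address"]
        kind = classify(rc["change"]["actions"])
        if kind in ("delete", "replace"):
            base = _INDEX_SUFFIX.sub("", addr)
            permitted = addr in allow or base in allow
            findings.append({"address": addr, "kind": kind, "permitted": permitted})
        elif kind != "no-op" and rc["type"] in PRIVILEGE_TYPES:
            findings.append({"address": addr, "kind": f"privilege-{kind}",
                             "permitted": allow_privilege_changes})
    blocked = [f for f in findings if not f["permitted"]]
    return {"allow": not blocked, "blocked": blocked, "findings": findings}


if __name__ == "__main__":
    verdict = evaluate_plan(SAMPLE_PLAN_JSON)
    print("apply allowed:", verdict["allow"])
    for f in verdict["blocked"]:
        print(f"  BLOCK {f['kind']:<18} {f['address']}")
```

Two caveats when wiring this in. The guard must evaluate the saved plan file and the wrapper must then run `terraform apply` on that same file; if the model can re-run `plan` between the check and the apply, the check is a time-of-check/time-of-use gap. And it is a policy layer, not a substitute for least-privilege cloud credentials on the MCP server's identity, which is the control that bounds the damage when the guard is bypassed or misconfigured.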

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).