tsdown — agentic threat model
The tsdown agent skill presents a moderate-to-high supply chain risk, as it generates build and bundler configurations that, if manipulated, could lead to arbitrary code execution or malicious dependency injection in developer environments or CI/CD pipelines.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.30 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.20 |
Scored with the canonical OWASP AIVSS formula (see the OWASP AIVSS calculator for reference); the agentic risk factors are estimated from the agent’s described capabilities, not measured from its implementation.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” are general, caveated commentary where the public description did not pin that layer down.

- Layer 1, Foundation Models — Not certain from the listing: the underlying foundation model is unspecified, leaving it exposed to standard LLM risks such as prompt injection, which could alter the generated build configurations.
- Layer 2, Data Operations — Not certain from the listing: the agent likely ingests local project files (package.json, tsconfig.json) as context, posing a risk of local data exposure or poisoning if malicious files exist in the workspace.
- Layer 3, Agent Frameworks — Not certain from the listing: as an 'antfu skill', it integrates into a broader agent framework. The primary threat is generating insecure or malicious bundler configurations (e.g., arbitrary file writes or malicious plugins) that the framework or the developer then executes.
- Layer 4, Deployment and Infrastructure — Not certain from the listing: the deployment environment is unspecified but likely runs locally on developer machines or within CI/CD runners, meaning a compromised configuration could lead to local host compromise.
- Layer 5, Evaluation and Observability — Not certain from the listing: no observability, logging, or guardrail mechanisms are mentioned that would detect whether the agent has been manipulated into generating malicious build scripts.
- Layer 6, Security and Compliance — Not certain from the listing: no compliance frameworks, access controls, or security policies are defined for this open-source skill, so it relies entirely on the host environment's security posture.
- Layer 7, Agent Ecosystem — Not certain from the listing: the skill operates within a larger developer agent ecosystem; malicious upstream agents or compromised skills could influence its configuration outputs, leading to cascading supply chain vulnerabilities.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).