
Tutorly.sg — agentic threat model

AIVSS 6.4 · Medium

Tutorly.sg is a low-agency educational tutor with minimal real-world action capabilities, presenting primary risks around student data privacy (PII) and the potential for prompt injection to serve inappropriate content to minors.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.4 · AARS uplift 0.96 · Factor sum 2.2/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.40
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs (such as OpenAI or Anthropic) prompted for the Singapore MOE syllabus. The primary threat is prompt injection or jailbreaking, which could bypass safety guardrails and expose young students to inappropriate or non-educational content.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — relies on a knowledge base of Singapore MOE syllabus materials, past year exam papers, and student profiles. Threats include data poisoning of the educational content and unauthorized exfiltration of student performance data or PII.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — likely uses a basic RAG and orchestration framework to retrieve syllabus-compliant questions and generate quizzes. Threats include insecure tool integration if the quiz generator or paper retriever lacks strict input validation.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — presumably hosted on standard cloud infrastructure with web-based access. Threats include standard web application vulnerabilities (XSS, CSRF) and lack of sandboxing for dynamic content generation.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — the listing does not mention automated guardrails, content moderation APIs, or continuous monitoring for LLM drift or toxic outputs, all of which are critical given the target audience of young students.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — the platform must comply with Singapore's PDPA, especially regarding minors' data, but the listing mentions no specific compliance certifications (like SOC 2) or age-verification controls.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — appears to operate as a standalone single-agent tutor platform with no multi-agent or external marketplace integrations described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).