AgentReadyHomeAgent Listing

← Twelve Data MCP

Twelve Data MCP — agentic threat model

4.5AIVSS 4.5 · Medium

The Twelve Data MCP is a read-only financial market data connector with low agentic risk due to its lack of execution capabilities, though it requires careful API key management and input validation of external financial feeds.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 0.7Factor sum 1.3/10Threat ×0.95Mitigation ×0.9
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.00
Contextual Awareness
0.30
Dynamic Identity
0.10
Multi-Agent Interactions
0.20
Non-Determinism
0.10
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — the underlying LLM is not specified, but it is vulnerable to prompt injection that could trick the model into misinterpreting financial data or requesting excessive API calls.

L2 · Data Operations✓ mapped

The agent acts as a conduit for external financial data. Risks include downstream data poisoning or injection if the returned market quotes, time series, or technical indicators contain malicious payloads that exploit parsing vulnerabilities in the consuming application.

L3 · Agent Frameworks✓ mapped

The agent exposes read-only MCP tools for financial data. The primary framework risk is insecure tool integration, where a calling agent might blindly trust the returned financial metrics or suffer from API rate-limiting and cost exhaustion due to uncontrolled looping.

L4 · Deployment & Infrastructure✓ mapped

Requires secure storage of the Twelve Data API key. Compromise of the hosting environment or MCP server configuration could lead to API key exfiltration and subsequent financial cost or quota theft.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of built-in logging, rate-limiting guardrails, or cost-monitoring tools to detect anomalous API consumption patterns or data anomalies.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — compliance controls, transport encryption standards, and access policies for the API keys are not detailed in the public directory entry.

L7 · Agent Ecosystem✓ mapped

Designed to integrate into broader agentic workflows (e.g., investment advisors or trading bots). While this agent is read-only, upstream agents consuming its data could make high-risk automated trading decisions based on manipulated or delayed market feeds.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).