Wellows — agentic threat model

AIVSS 8.0 · High

Wellows presents a moderate agentic risk primarily driven by its automated outreach capabilities and integration with external LLM APIs. A compromise could lead to brand reputation damage through unauthorized or malicious automated communications and manipulation of competitive intelligence data.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.47 · Factor sum 4.2/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.50
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.50
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Wellows relies on querying external foundation models (ChatGPT, Gemini, Perplexity, Google AI). It is highly susceptible to indirect prompt injection if competitor or search results contain adversarial text designed to manipulate Wellows' sentiment analysis or outreach generation.

L2 · Data Operations (✓ mapped)

Data operations involve aggregating search visibility data, competitor mentions, and contact lists. Risks include data poisoning of the tracking database and unauthorized exfiltration of proprietary brand monitoring and outreach target lists.

L3 · Agent Frameworks (✓ mapped)

The agent framework orchestrates multi-LLM querying and automates outreach template generation. Vulnerabilities here include insecure tool integration with email/outreach platforms, potentially allowing prompt injection to hijack the outreach channel.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — Wellows is a closed-source SaaS platform, meaning deployment infrastructure details are hidden. Standard risks include insecure API key storage for external LLMs and lack of network isolation between tenant data.

L5 · Evaluation & Observability (✓ mapped)

The platform provides daily/weekly visibility monitoring. Gaps in evaluation and observability could allow subtle drift in LLM search results to go unnoticed, or allow adversaries to game the visibility scoring system without detection.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — there is no mention of compliance certifications (e.g., SOC 2, GDPR) or explicit access control policies. Risks include unauthorized access to brand dashboards and lack of audit trails for automated outreach actions.

L7 · Agent Ecosystem (✓ mapped)

Wellows operates within a broader ecosystem by interacting with external LLM search engines and automated outreach targets. Cascading failures could occur if external LLM APIs change their output formats, or if automated outreach triggers spam filters and damages the user's domain reputation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).