AgentReadyHomeAgent Listing

← WePickUpThePhone

WePickUpThePhone — agentic threat model

8.7AIVSS 8.7 · High

WePickUpThePhone presents a moderate-to-high risk profile due to its direct integration with transactional systems like order processing and scheduling, combined with a public-facing voice interface that is susceptible to social engineering and indirect prompt injection.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 1.18Factor sum 4.5/10Threat ×1.05Mitigation ×1.0
Autonomy of Action
0.80
Goal-Driven Planning
0.50
Self-Modification
0.10
Dynamic Tool Use
0.60
Persistent Memory
0.40
Contextual Awareness
0.50
Dynamic Identity
0.20
Multi-Agent Interactions
0.10
Non-Determinism
0.70
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The underlying LLM and speech-to-text/text-to-speech models are not specified, leaving them potentially vulnerable to voice-based adversarial prompt injections or model reprogramming.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The handling, storage, and encryption of call recordings, transcripts, and customer PII are unspecified, posing risks of data leakage or unauthorized access within connected databases.

L3 · Agent Frameworks✓ mapped

The agent orchestrates voice calls to execute tools like appointment scheduling, order processing, and delivery scheduling, which are highly vulnerable to indirect prompt injection via spoken instructions from malicious callers.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment for the voice gateway, telephony integration, and LLM orchestration is undisclosed, raising potential concerns about API exposure and container security.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of real-time monitoring, voice-output guardrails, or logging mechanisms to detect prompt injection or anomalous order processing during live calls.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Compliance with telephony standards, PCI-DSS for order processing, GDPR/CCPA for PII in call recordings, or authentication mechanisms is not detailed.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — It is unclear if the agent interacts with other external AI agents, though it connects to third-party APIs for scheduling and CRM systems, creating potential cascading trust risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).