AgentReadyHomeAgent Listing

← WhatsAppCopilot

WhatsAppCopilot — agentic threat model

8.1AIVSS 8.1 · High

WhatsAppCopilot presents a moderate-to-high privacy risk due to its screen text extraction capabilities, which could expose sensitive personal data, messages, or credentials if the underlying LLM or backend infrastructure is compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5AARS uplift 0.62Factor sum 2.5/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.30
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.10
Contextual Awareness
0.50
Dynamic Identity
0.10
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes a commercial third-party LLM. Threats include prompt injection causing the agent to generate inappropriate or malicious replies, and potential data leakage to the model provider.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — processes real-time screen text and message context. Threats include the accidental ingestion and exposure of sensitive on-screen data (such as OTPs, financial info, or private credentials) during text extraction.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — likely a lightweight wrapper orchestrating OCR/screen-scraping and LLM API calls. Threats include insecure handling of extracted text and lack of input sanitization before passing data to the orchestration layer.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — operates as an iOS-integrated tool (potentially via Shortcuts or a mobile app) communicating with a backend. Threats include insecure transit of extracted screen data to backend servers and potential MITM vulnerabilities.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of guardrails, logging, or output filtering. Threats include a lack of observability into what screen data is processed and no mechanism to detect or block toxic/harmful generated replies.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — closed-source, paid tool with no documented security compliance. Threats include non-compliance with privacy regulations (GDPR/CCPA) due to continuous screen-scraping of personal chat data.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates standalone within the WhatsApp ecosystem. Threats are low, but could include automated interactions with other chat bots leading to infinite loops or cascading spam generation.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).