
WorkOS — agentic threat model

AIVSS 7.0 · High

The WorkOS agent acts as an integration assistant for enterprise identity, authentication, and directory synchronization. While it handles highly sensitive security configurations, its primary role is guidance and API reference assistance, presenting moderate risk unless granted direct write access to production identity providers.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 0.72
Factor sum: 2.9 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.85

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.30
Multi-Agent Interactions: 0.20
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
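The listing's score recomputed from its own formula and factor values, as an added example that is not part of the AgentReady page or the OWASP calculator. Assumptions: the severity label follows the CVSS v3.x qualitative bands (the listing's "7.0 · High" is consistent with that), each agentic factor is scored in 0..1, and mitigation_needed() is just the formula rearranged to show how much more mitigation would move the agent into the Medium band.

```python
"""Worked OWASP AIVSS computation with the WorkOS agent listing's values (added example)."""
from typing import Mapping

# The ten agentic risk factors exactly as scored in the listing above.
WORKOS_FACTORS: Mapping[str, float] = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.30,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.40,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.30,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.30,
}

def aars(cvss_base: float, factors: Mapping[str, float], threat_multiplier: float = 1.0) -> float:
    """Agentic uplift: AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base score must lie in 0..10")
    if any(not 0.0 <= v <= 1.0 for v in factors.values()):  # assumption: factors are 0..1
        raise ValueError("each agentic factor must lie in 0..1")
    return (10.0 - cvss_base) * (sum(factors.values()) / 10.0) * threat_multiplier

def aivss(cvss_base: float, factors: Mapping[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, clamped to the 0..10 scale, one decimal."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(max(0.0, min(raw, 10.0)), 1)

def severity(score: float) -> str:
    """Qualitative band; assumption: AIVSS reuses the CVSS v3.x bands (listing's 7.0 -> High fits)."""
    for ceiling, label in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= ceiling:
            return label
    return "Critical"

def mitigation_needed(target: float, cvss_base: float, factors: Mapping[str, float],
                      threat_multiplier: float = 1.0) -> float:
    """Mitigation_Factor that would bring the (unclamped) score down to `target`; formula rearranged."""
    return round(target / (cvss_base + aars(cvss_base, factors, threat_multiplier)), 3)

if __name__ == "__main__":
    score = aivss(7.5, WORKOS_FACTORS, threat_multiplier=1.0, mitigation_factor=0.85)
    print(f"AIVSS {score} · {severity(score)}")  # AIVSS 7.0 · High
    print("mitigation factor needed to reach Medium (6.9):", mitigation_needed(6.9, 7.5, WORKOS_FACTORS))
```

Without the 0.85 mitigation factor the same inputs score 8.2, which is the gap that governance of write access to production identity providers (the listing's stated condition) is buying.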

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — relies on an underlying foundation model to interpret WorkOS API documentation and generate integration code. Vulnerable to prompt injection that could lead to generating insecure authentication patterns or misconfigured RBAC rules.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely utilizes RAG over WorkOS API references, AuthKit documentation, and migration guides. Risks include documentation poisoning or retrieval of outdated API schemas leading to insecure integration code.

L3 · Agent Frameworks (✓ mapped)

The agent framework orchestrates tools to query WorkOS APIs, Directory Sync, and Vault. Insecure tool integration could allow an attacker to manipulate the parameters of directory queries or vault lookups if input sanitization is insufficient.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — requires secure hosting and strict secrets management to handle WorkOS API keys, client secrets, and enterprise credentials safely without exposure in logs or execution environments.

L5 · Evaluation & Observability (✓ mapped)

The agent explicitly supports Audit Logs as a feature, which can assist in tracking configuration changes, but its own internal execution, decision-making, and generated code require external observability to prevent silent failures in auth logic.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

Directly addresses security and compliance by providing AuthKit, SSO, Directory Sync, and RBAC integration skills. However, the agent itself must be governed by strict IAM policies to prevent unauthorized access to the WorkOS administrative APIs it documents.

L7 · Agent Ecosystem (✓ mapped)

In a multi-agent ecosystem, this agent could be leveraged by developer or deployment agents to configure identity providers. Compromise of this agent could allow downstream agents to establish backdoor SSO connections or rogue directory syncs.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).