Garnit — agentic threat model
Garnit poses a high security risk due to its direct integration with user email inboxes, making it highly susceptible to indirect prompt injection attacks via malicious promotional emails that could abuse its email-writing and subscription capabilities.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.70 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.60 |
| Dynamic Identity | 0.40 |
| Multi-Agent Interactions | 0.10 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “Not certain from the listing” are general, caveated commentary where the public description did not pin down that layer.
Layer 1, Foundation Models: Not certain from the listing — likely uses a standard LLM for extraction and classification. The primary threat is indirect prompt injection, where malicious instructions embedded in promotional emails hijack the model's behavior.
Layer 2, Data Operations: Processes highly sensitive user inbox data. Threats include data exfiltration of personal email content and data poisoning via malicious promotional emails designed to corrupt the extraction pipeline.
Layer 3, Agent Frameworks: Orchestrates email parsing, saving deals, and executing actions like unsubscribe/subscribe. Vulnerabilities include tool misuse, where the agent could be tricked into unsubscribing the user from critical services or subscribing them to malicious spam lists.
Layer 4, Deployment and Infrastructure: Not certain from the listing — likely hosted on cloud infrastructure requiring OAuth access to the user's email provider. Threats include the compromise of OAuth tokens, allowing unauthorized access to the user's entire inbox.
Layer 5, Evaluation and Observability: Not certain from the listing — there is no mention of evaluation, monitoring, or guardrails to detect and filter out malicious email payloads before they are processed by the LLM.
Layer 6, Security and Compliance: Requires high-privilege read/write access to user email accounts. No security certifications (e.g., SOC 2) or explicit privacy-preserving controls are mentioned for this free, closed-source vertical agent.
Layer 7, Agent Ecosystem: Not certain from the listing — does not explicitly mention multi-agent interactions, though it interacts with external brand subscription systems, which could be abused to trigger cascading spam or phishing campaigns.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.