HIA (Health Insights Agent) — agentic threat model
HIA presents a moderate-to-high risk profile primarily due to the handling of highly sensitive medical data (blood reports) within a self-deployed open-source architecture. While it incorporates authentication via Supabase, the potential for prompt injection via malicious PDFs and the lack of built-in clinical guardrails pose significant privacy and safety concerns.
OWASP AIVSS score rationale
| Autonomy of Action | 0.20 | |
| Goal-Driven Planning | 0.20 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.50 | |
| Contextual Awareness | 0.40 | |
| Dynamic Identity | 0.10 | |
| Multi-Agent Interactions | 0.20 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Uses Llama models via Groq. Primary threats include adversarial prompt injection embedded within uploaded blood report PDFs to bypass safety guardrails, and hallucinated medical insights that could lead to incorrect self-diagnosis or physical harm.
Processes uploaded PDF files up to 20MB and stores session history in Supabase. Threats include PDF parser exploits (e.g., buffer overflows or denial of service via malicious PDFs) and unauthorized exfiltration of sensitive health data (PHI) from the database.
Implements a structured 'report -> extraction -> analysis -> insights' workflow. Vulnerabilities include insecure handling of extracted PDF text, allowing indirect prompt injection to hijack the analysis phase or manipulate the multi-model cascade logic.
Built on Streamlit and Supabase. Threats include exposure of Supabase API keys, lack of sandboxing for the PDF extraction environment, and typical Streamlit session state vulnerabilities if deployed publicly without robust network controls.
Not certain from the listing — there is no mention of LLM observability, automated evaluation, or clinical guardrails to monitor the accuracy and safety of the generated health insights.
Utilizes Supabase-auth for user authentication. However, as an open-source template, compliance with healthcare regulations like HIPAA or GDPR is entirely dependent on the deployer's infrastructure, posing significant compliance risks.
Operates as a single-user agent with a multi-model cascade rather than a decentralized multi-agent ecosystem. Minimal risk of agent-to-agent trust abuse or cascading external agent failures.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology. Are you the vendor? Factual corrections are free.