
Interview Agent — agentic threat model

AIVSS 7.6 · High

The Interview Agent presents a moderate-to-high risk profile due to its multi-agent architecture (CrewAI) handling sensitive candidate PII and interacting directly with external users. The primary attack vectors include indirect prompt injection via uploaded resumes (RAG) and potential authorization bypasses in the Firebase/Firestore backend.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 1.44
Factor sum: 5.5/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.85

Agentic risk factors (each scored 0.0 to 1.0):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.50
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.80
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
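The formula above carried through with this page's own numbers, as an added example (not code from AgentReady or the OWASP AIVSS calculator). It assumes the qualitative bands follow the CVSS scale (High = 7.0 to 8.9) and clamps the result to the 0 to 10 range; neither is stated on the page.

```python
"""Worked AIVSS computation for the Interview Agent entry (added example)."""

# Factor names and values are the ones shown on this page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.70,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.80,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def aars(cvss_base: float, factors: dict, threat_multiplier: float) -> float:
    """Agentic uplift: AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must lie in [0, 10]")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must lie in [0, 1]")
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict, threat_multiplier: float,
          mitigation_factor: float) -> float:
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, clamped to 10 (assumption)."""
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(raw, 10.0), 1)


def severity(score: float) -> str:
    """Qualitative band; assumed to follow the CVSS scale."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


def interview_agent_score() -> tuple:
    """Reproduce the page's figures: AARS 1.44, AIVSS 7.6, rated High."""
    base, thm, mitigation = 7.5, 1.05, 0.85
    uplift = round(aars(base, AGENTIC_FACTORS, thm), 2)
    score = aivss(base, AGENTIC_FACTORS, thm, mitigation)
    return uplift, score, severity(score)
```

Changing a single factor (for example lowering Multi-Agent Interactions after isolating the CrewAI agents) and re-running shows how much of the 7.6 is agentic uplift versus the underlying CVSS base.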

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not give enough detail to pin that layer down.

L1 · Foundation Models · ✓ mapped

Uses GPT-4 for candidate conversations. Highly vulnerable to direct prompt injection during live chat sessions, which could lead to model reprogramming, jailbreaks, or generating highly inappropriate/biased candidate feedback.

L2 · Data Operations · ✓ mapped

Utilizes Chroma for RAG and GCS for resume storage. This introduces a severe risk of indirect prompt injection via malicious resumes designed to hijack the screening agent's evaluation logic, alongside potential PII exfiltration from the vector database.

L3 · Agent Frameworks · ✓ mapped

Orchestrated via CrewAI. Vulnerabilities include insecure tool integration (e.g., scheduling APIs, database connectors) and potential state/memory poisoning across different candidate evaluation sessions.

L4 · Deployment & Infrastructure · ✓ mapped

Deployed on AWS ECS Fargate with FastAPI and Docker. Risks include container escape, exposed FastAPI endpoints, and potential credential leakage from the CI/CD pipeline or environment variables.

L5 · Evaluation & Observability · ✓ mapped

Monitored via AWS CloudWatch. While system-level logging is present, there is a lack of explicit LLM guardrails or real-time semantic monitoring to detect and block adversarial prompt injections or toxic outputs.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Uses Firebase Auth and Firestore. Risks involve broken object-level authorization (BOLA) where candidates might access other applicants' resumes or feedback, alongside compliance challenges regarding automated hiring decisions (GDPR/EU AI Act).

L7 · Agent Ecosystem · ✓ mapped

Employs modular CrewAI agents. A compromise in one agent (e.g., the conversational agent) could cascade to others (e.g., the screening or scheduling agent), leading to unauthorized data manipulation or scheduling conflicts.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework; they are an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.