Landinghero.ai — agentic threat model

AIVSS 8.2 · High

Landinghero.ai presents a moderate-to-high security risk primarily due to its ability to generate, preview, and deploy executable web code (HTML/JS) and manage custom domains based on unstructured chat inputs. Without explicit guardrails or sandboxing mentioned, the platform is highly susceptible to prompt injection attacks leading to stored XSS or malicious site deployment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 0.75 · Factor sum 3.0/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.40
Goal-Driven Planning: 0.30
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.20
Contextual Awareness: 0.30
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The listing mentions a 'proprietary AI' and 'AI Chat-Based Interface' but does not specify the underlying LLMs or foundation models used. Standard threats like prompt injection (indirect or direct to alter website code) and model reprogramming apply.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — No details are provided about training data, RAG, or vector stores. Standard risks include training data poisoning of the proprietary design engine or exfiltration of user-provided assets.

L3 · Agent Frameworks ✓ mapped

The agent uses a chat-based interface to orchestrate website generation, editing, and deployment. Threats include prompt injection leading to malicious code generation (XSS, malicious scripts embedded in the HTML/JS) or unauthorized tool execution (e.g., triggering deployment or domain changes without intent).

L4 · Deployment & Infrastructure ✓ mapped

The agent supports 'One-Click Deployment' and 'Custom Domain Support'. Threats include insecure hosting infrastructure, subdomain takeover, DNS hijacking during custom domain configuration, and lack of sandboxing for generated code execution during live previews.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — No mention of evaluation frameworks, guardrails, or logging mechanisms to detect malicious inputs or generated code anomalies.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — The listing does not detail authentication, authorization, or compliance standards (like GDPR or SOC2) for managing user accounts, custom domains, or exported code.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — There is no indication of multi-agent interactions or marketplace integrations; it appears to operate as a standalone horizontal website builder.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.