Link AI — agentic threat model

AIVSS 9.3 · Critical

Link AI presents a high agentic risk profile due to its direct integration with user LinkedIn accounts and email systems via a Chrome extension, enabling autonomous outreach and messaging that could be abused for widespread social engineering or lead data exfiltration if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.2 · AARS uplift 1.06 · Factor sum 5.6/10 · Threat ×1.05 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.60
Contextual Awareness: 0.60
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation models are not specified, but the agent likely relies on commercial LLMs via API. The primary threat is prompt injection leading to the generation of inappropriate, offensive, or malicious outreach messages sent automatically to prospects.

L2 · Data Operations ✓ mapped

The agent processes sensitive prospect data, user profile details (bios, posts, headlines), and outreach history. Threats include data exfiltration of proprietary lead lists, poisoning of the training/fine-tuning data used to match the user's outreach style, and unauthorized data exports.

L3 · Agent Frameworks ✓ mapped

The orchestration framework manages multi-step outreach sequences (connecting, messaging, and triggering email follow-ups). Insecure tool integration via the Chrome extension or webhooks could allow an attacker to hijack the automated workflow, leading to spamming or account suspension.

L4 · Deployment & Infrastructure ✓ mapped

The deployment relies on a Chrome extension and API/webhook integrations. This introduces significant client-side risks, including session hijacking of LinkedIn authentication tokens, extension-based cross-site scripting (XSS), and unauthorized API access to lead databases.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of guardrails, output filtering, or security observability. Without robust monitoring, malicious or non-compliant messages generated by the AI could be sent to prospects without detection until user accounts are flagged or banned.

L6 · Security & Compliance (cross-cutting) ✓ mapped

The agent operates in a high-risk compliance zone, automating actions on LinkedIn (violating standard Terms of Service regarding automation) and sending automated emails (subject to CAN-SPAM/GDPR). No enterprise security controls, compliance certifications, or audit logs are mentioned.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — While team collaboration features are mentioned, there is no indication of an autonomous multi-agent ecosystem or marketplace interactions that could lead to cascading agent-to-agent trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.