
Onboarding Agent — agentic threat model

AIVSS 6.9 · Medium

The Onboarding Agent exhibits moderate agentic risk, primarily driven by its multi-agent CrewAI architecture and access to sensitive HR data via RAG. While infrastructure security is robust (Fargate, OAuth2, Firebase), the lack of explicit LLM-specific guardrails poses a risk of prompt injection and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.5
AARS uplift: 1.07
Factor sum: 4.3/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.40
Persistent Memory: 0.50
Contextual Awareness: 0.60
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.70
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ✓ mapped

Uses GPT-4. Vulnerable to adversarial prompt injection, which could bypass system instructions to leak system prompts or retrieve unauthorized documents. Model misalignment could lead to incorrect HR policy advice.

L2 · Data Operations ✓ mapped

Utilizes a RAG pipeline with Chroma and GCS, storing structured data in Supabase. Risks include data poisoning of the vector database (injecting malicious onboarding documents) and unauthorized exfiltration of sensitive employee PII.

L3 · Agent Frameworks ✓ mapped

Orchestrated via CrewAI and FastAPI. Vulnerabilities in CrewAI's tool-calling mechanisms or FastAPI endpoints could allow attackers to manipulate agent execution paths or poison agent memory states.

L4 · Deployment & Infrastructure ✓ mapped

Deployed on AWS ECS Fargate with ECR and ALB. Fargate provides strong container isolation, reducing host compromise risks, but misconfigured ALB routing or insecure CI/CD pipelines remain potential vectors.

L5 · Evaluation & Observability ✓ mapped

Monitored via AWS CloudWatch. While infrastructure logging is present, there is no mention of LLM-specific evaluation, semantic guardrails, or real-time prompt injection detection, creating an observability blind spot for agent behavior.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Implements Firebase Auth and OAuth2 SSO, providing strong identity controls. However, strict row-level security (RLS) in Supabase must be enforced to prevent horizontal privilege escalation among onboarding employees.

L7 · Agent Ecosystem ✓ mapped

Employs CrewAI, implying internal multi-agent collaboration. Risks include cascading failures if one sub-agent is compromised via prompt injection, leading to trust abuse across the agent crew.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.