
OneQuery — agentic threat model

AIVSS 8.8 · High

OneQuery presents a moderate-to-high risk profile due to its integration of browser automation (Playwright) and proxy support, which can be exploited for SSRF, data exfiltration, or unauthorized network scanning if not properly sandboxed. Its reliance on parsing untrusted web content via LLMs makes it highly susceptible to indirect prompt injection attacks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.31 · Factor sum 5.0/10 · Threat ×1.05 · Mitigation ×1.0

Autonomy of Action: 0.80
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.60
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.00
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — the specific foundation models powering OneQuery's reasoning are not disclosed, though OmniParser is used for visual webpage parsing. Threats include adversarial visual or textual inputs on target websites causing model reprogramming or misaligned navigation decisions.

L2 · Data Operations ✓ mapped

OneQuery performs real-time web scraping and content aggregation. The primary threat is data poisoning from malicious web pages (e.g., prompt injection embedded in HTML/text) and potential data exfiltration if scraped sensitive data is sent to unauthorized destinations.

L3 · Agent Frameworks ✓ mapped

Utilizes Playwright and OmniParser for browser automation and webpage analysis. Key threats include tool misuse (e.g., SSRF via browser navigation, scraping internal network resources) and insecure tool integration where malicious page elements hijack the browser automation flow.
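
As an added illustration of a mitigation for the L3 SSRF threat (not OneQuery's code and not part of the original listing): a navigation guard that a Playwright-driven agent could consult before loading a URL, rejecting non-web schemes and any host that resolves to a non-public address. The function names and the injectable resolver are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the agent only needs web URLs


def system_resolve(host):
    """Return every address the OS resolver gives for host (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()


def is_public_address(text):
    """True only for globally routable addresses; loopback, RFC 1918,
    link-local (cloud metadata) and similar ranges are rejected."""
    try:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return ip.is_global


def check_navigation(url, resolve=system_resolve):
    """Decide whether the agent's browser may load url. Returns (allowed, reason).
    Call it for every request, redirects included, not just the first URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addresses = {host}          # literal IP, nothing to resolve
    except ValueError:
        addresses = resolve(host)   # hostname: check every record returned
    if not addresses:
        return False, "host did not resolve"
    blocked = sorted(a for a in addresses if not is_public_address(a))
    if blocked:
        return False, "non-public address: " + ", ".join(blocked)
    return True, "ok"
```

The guard's DNS lookup and the browser's own lookup are separate, so a hostname can resolve differently between the two; pair the check with network-level egress rules on the browser's container or proxy.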

L4 · Deployment & Infrastructure ✓ mapped

Can be deployed locally or hosted, using a Zig-based browser and worldwide proxies. If hosted, threats include container escape via browser exploits, proxy abuse for malicious traffic, and lack of sandboxing for the browser execution environment.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no explicit evaluation, logging, or guardrail frameworks are mentioned beyond a basic job queuing system. This creates blind spots regarding anomalous browser behavior or successful prompt injection attacks during scraping runs.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — there is no mention of identity management, access control policies, or compliance alignments (like SOC2 or ISO). Local deployment shifts compliance responsibility entirely to the user.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — OneQuery is described as a standalone web agent with no explicit multi-agent coordination or marketplace ecosystem features, minimizing direct agent-to-agent trust abuse risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.