

ResumeBurger — agentic threat model

AIVSS 7.0 · High

ResumeBurger is a low-autonomy document generation agent with minimal agentic risk, primarily exposed to PII data leakage and prompt injection via malicious PDF uploads.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.3 · AARS uplift: 0.7 · Factor sum: 1.9/10 · Threat (ThM): ×1.0 · Mitigation: ×1.0

Agentic risk factors (each 0.0 to 1.0):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.40
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Uses LLMs for résumé enhancement and cover letter generation. Highly vulnerable to indirect prompt injection via uploaded PDF files containing hidden instructions designed to hijack the model's output or exfiltrate data.

L2 · Data Operations (✓ mapped)

Processes uploaded PDFs and manages multiple résumé versions. Risks include PDF parsing vulnerabilities (e.g., denial of service or remote code execution via malicious files) and unauthorized access to highly sensitive PII contained within user résumés.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — likely uses a basic sequential orchestration framework to parse, enhance, and output text. Risks include insecure integration with the Tiptap rich-text editor if inputs are not properly sanitized.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — requires secure hosting and isolated sandboxing for PDF parsing utilities to prevent host compromise from malicious document uploads.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — requires robust logging and guardrails to detect and block prompt injection attempts embedded within uploaded résumés or job descriptions.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — must comply with strict PII protection regulations (GDPR/CCPA) due to storing and processing personal job seeker data. Requires strong authorization controls to prevent IDOR access to other users' résumés.

L7 · Agent Ecosystem (✓ mapped)

Operates as a standalone, single-agent utility. There are no multi-agent or marketplace interactions indicated, minimizing ecosystem-level threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.