Scite Assistant — agentic threat model
Scite Assistant is a low-risk, retrieval-focused AI assistant with minimal autonomy, primarily serving as a specialized RAG interface over a scientific citation database. Its primary security risks are limited to data integrity (poisoned literature) and prompt injection leading to hallucinated citations.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.10 | |
| Goal-Driven Planning | 0.20 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.20 | |
| Persistent Memory | 0.10 | |
| Contextual Awareness | 0.50 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.40 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, listed in MAESTRO layer order (Layer 1 through Layer 7). Layers tagged "not certain from listing" are general, caveated commentary where the public description did not pin that layer.

Layer 1 (Foundation Models): Not certain from the listing. Uses closed-source LLMs that are susceptible to prompt injection, model alignment issues, or indirect prompt injection via poisoned scientific papers.

Layer 2 (Data Operations): Integrates with Scite's extensive database of Smart Citations. Risks include database poisoning (e.g., malicious papers uploaded to indexed journals) and retrieval-augmented generation (RAG) manipulation.

Layer 3 (Agent Frameworks): Not certain from the listing. Orchestration details are proprietary. Likely uses a simple RAG pipeline with filtering tools, posing risks of insecure tool integration or prompt injection that bypasses the filters.

Layer 4 (Deployment and Infrastructure): Not certain from the listing. Hosted as a closed-source web application, so standard web application vulnerabilities, container security, and API exposure risks apply.

Layer 5 (Evaluation and Observability): Not certain from the listing. Likely monitors citation accuracy and retrieval quality, but specific guardrails or logging mechanisms are not detailed.

Layer 6 (Security and Compliance): Not certain from the listing. Operates as a freemium closed-source tool. Compliance with academic data privacy standards and general data protection (GDPR) is assumed but unverified.

Layer 7 (Agent Ecosystem): No multi-agent or marketplace interactions are described; the assistant operates as a standalone retrieval tool, minimizing ecosystem-level risks.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification.