Setter AI — agentic threat model
Setter AI presents a high agentic risk due to its autonomous, public-facing communication via WhatsApp combined with powerful integrations like Zapier (6,000+ apps). The lack of visible guardrails or human-in-the-loop verification means prompt injection via lead forms could lead to unauthorized tool execution or brand-damaging interactions.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.70 |
| Persistent Memory | 0.50 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.10 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged “not certain from the listing” are general, caveated commentary where the public description did not pin that layer down.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on commercial LLMs (e.g., OpenAI) via API. Vulnerable to prompt injection (jailbreaking), which could alter the 'human-like' sales script so that it outputs offensive or malicious content to leads.
Layer 2 (Data Operations): Not certain from the listing — ingests lead data from Facebook, LinkedIn, and web forms. Risk of data poisoning if malicious leads submit prompt-injection payloads via form fields, potentially exfiltrating other leads' data or hijacking the WhatsApp session.
Layer 3 (Agent Frameworks): Integrates with Zapier (6,000+ apps) and Calendly. High risk of tool misuse or unauthorized actions if the agent is tricked via prompt injection into executing unintended Zapier actions (e.g., deleting CRM records, sending spam).
Layer 4 (Deployment and Infrastructure): Not certain from the listing — likely hosted as a SaaS platform. Requires storage of sensitive API keys/OAuth tokens for Zapier, Calendly, and social media platforms; compromise of the infrastructure could expose these high-value credentials.
Layer 5 (Evaluation and Observability): Not certain from the listing — no explicit mention of guardrails, safety filtering, or conversation monitoring. Lack of observability could allow prompt-injection attacks or brand-damaging conversations to go unnoticed.
Layer 6 (Security and Compliance): Not certain from the listing — no mention of compliance certifications (such as SOC 2) or fine-grained access controls for the connected Zapier/Calendly integrations.
Layer 7 (Agent Ecosystem): Interacts with the Zapier ecosystem (6,000+ apps), which acts as a massive multi-agent/multi-tool environment. Vulnerable to cascading failures or indirect prompt injection if connected apps return malicious data.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).
These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology.