AgentReadyHomeAgent Listing

← AdGen

AdGen — agentic threat model

7.5AIVSS 7.5 · High

AdGen presents a moderate risk profile primarily driven by its URL ingestion capability, which introduces Server-Side Request Forgery (SSRF) and prompt injection risks from untrusted web content, alongside typical non-deterministic risks of AI image generation.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 1.05Factor sum 3.0/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.40
Goal-Driven Planning
0.30
Self-Modification
0.00
Dynamic Tool Use
0.40
Persistent Memory
0.20
Contextual Awareness
0.50
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.70
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models✓ mapped

AdGen relies on foundation models for text-to-image generation and multimodal chat refinement. Key threats include prompt injection via the scraped product URL, adversarial inputs during the image refinement chat, and potential generation of copyright-infringing or brand-damaging outputs.

L2 · Data Operations✓ mapped

The agent ingests external data by scraping user-provided product URLs. This introduces significant data operations risks, including Server-Side Request Forgery (SSRF) if the scraper is not isolated, and indirect prompt injection from malicious content hosted on the target URL.

L3 · Agent Frameworks✓ mapped

The orchestration framework coordinates URL fetching, content extraction, and image generation. Vulnerabilities include insecure tool integration (e.g., the scraper executing malicious scripts on the target page) and lack of input sanitization before passing scraped data to the image generator.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — details about hosting, sandboxing of the URL scraper, network isolation, or secrets management are not provided in the public directory listing. A secure deployment must sandbox the URL fetching mechanism to prevent lateral movement.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of content moderation, output guardrails (e.g., blocking NSFW or copyrighted brand generation), or logging of user-submitted URLs is present in the description.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — compliance certifications (such as SOC2), authentication mechanisms for the API/freemium model, and data retention policies for scraped URLs and generated images are not specified.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — there is no indication of multi-agent orchestration, third-party marketplace integrations, or agent-to-agent trust boundaries in the provided description.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).