AgentReadyHomeAgent Listing

← AI Presentation Maker

AI Presentation Maker — agentic threat model

6.9AIVSS 6.9 · Medium

The AI Presentation Maker poses low agentic risk due to its limited autonomy and focus on document generation. However, its integration with Google Slides via OAuth introduces potential data security and authorization risks if the integration is compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3AARS uplift 0.63Factor sum 1.7/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.20
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely uses standard commercial LLMs for text and layout generation. Vulnerable to prompt injection that could alter presentation content, generate inappropriate material, or bypass safety filters.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — relies on a proprietary template library and user-provided prompts. Risks include template poisoning or data exfiltration if sensitive user prompts are stored or used for model training without consent.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates prompt-to-presentation generation. Vulnerable to insecure tool integration, specifically during the conversion to PPTX/PDF or when calling the Google Slides API.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a closed-source web application. Risks include standard web application vulnerabilities, insecure handling of OAuth tokens for Google Slides, and server-side PDF generation vulnerabilities (e.g., SSRF).

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no mention of guardrails or monitoring. Risks include lack of detection for toxic/inappropriate generated content or prompt injection attempts.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — requires OAuth for Google Slides integration. Risks include over-scoped OAuth permissions and lack of clear data retention policies for user-generated presentations.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — does not appear to interact with other agents or marketplaces. Minimal ecosystem risk, though Google Slides API acts as an external dependency.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).