AI Raphael — agentic threat model

AIVSS 6.4 · Medium

AI Raphael is a low-autonomy image generation and editing agent with low systemic risk, primarily vulnerable to prompt injection for content filter bypass and API abuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 5.3 · AARS uplift: 1.13 · Factor sum: 2.4/10 · Threat multiplier (ThM): ×1.0 · Mitigation factor: ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.10
Contextual Awareness: 0.30
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.80
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses the 'Nano Banana Pro' model. Highly susceptible to adversarial prompt injections designed to bypass safety filters to generate illicit, copyrighted, or harmful visual content, as well as model extraction attacks via the public API.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — the agent processes user-uploaded images for editing and remixing. If these images are stored insecurely or used for downstream training without consent, it presents significant data privacy, exfiltration, and poisoning risks.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — the orchestration framework translating natural language prompts into image manipulation parameters is unspecified. Insecure translation of user prompts into image-processing tool arguments could lead to remote code execution or tool misuse.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — hosted as a freemium web platform and API. Main infrastructure threats include GPU resource exhaustion (denial of service) and unauthorized API access due to weak endpoint protection.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of input/output guardrails, content moderation APIs, or observability tools to detect and block the generation of deepfakes or abusive imagery.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — lacks explicit compliance certifications (e.g., GDPR, SOC2) or details on user data deletion policies, which are critical when handling user-uploaded personal photos.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — the agent operates as a standalone vertical tool and API, with no described multi-agent collaboration or marketplace ecosystem integration.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).