Autoslide AI — agentic threat model
Autoslide AI exhibits a low-risk agentic profile, operating primarily as a human-in-the-loop PowerPoint add-in for slide formatting and content generation. The primary security concerns center on data privacy and the potential exfiltration of sensitive corporate presentation data processed by its backend APIs.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.20 |
| Goal-Driven Planning | 0.10 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.10 |
| Contextual Awareness | 0.40 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.30 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, following the MAESTRO layer order. Layers tagged “not certain from the listing” are general, caveated commentary where the public description did not pin down that layer.
Layer 1 (Foundation Models): Not certain from the listing — The specific foundation models used for text and image generation are not disclosed. Risks include prompt injection leading to inappropriate content generation or bypass of the model's intended use.
Layer 2 (Data Operations): Not certain from the listing — The data pipeline for processing user slide content, summaries, and temporary storage is undisclosed. Risks include exfiltration of sensitive corporate presentations during transit or processing.
Layer 3 (Agent Frameworks): Not certain from the listing — The orchestration framework that translates user commands into PowerPoint API calls is proprietary. Risks include insecure tool integration, where malformed slide data could cause unexpected formatting behavior.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — The hosting environment for the backend API (which handles text/image generation) is unknown. Risks include insecure API endpoints and a lack of tenant isolation for processed presentation data.
Layer 5 (Evaluation and Observability): Not certain from the listing — There is no mention of real-time guardrails, output filtering, or logging of generated content. Risks include undetected generation of biased, offensive, or hallucinated content directly into user slides.
Layer 6 (Security and Compliance): Not certain from the listing — Compliance certifications (e.g., SOC 2, GDPR) and enterprise access controls are not specified. Risks include unauthorized access to presentation data if the add-in lacks robust authentication.
Layer 7 (Agent Ecosystem): Not certain from the listing — The add-in operates as a standalone tool within PowerPoint and does not appear to interact with an external agent marketplace or multi-agent ecosystem.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).