azure-deploy — agentic threat model
This agent has a high-risk posture because it can execute real-world cloud infrastructure mutations (Azure/Terraform), though the risk is partially mitigated by requiring a pre-validated deployment plan.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.60 |
| Goal-Driven Planning | 0.40 |
| Self-Modification | 0.10 |
| Dynamic Tool Use | 0.90 |
| Persistent Memory | 0.20 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.70 |
| Multi-Agent Interactions | 0.60 |
| Non-Determinism | 0.40 |
| Opacity & Reflexivity | 0.50 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from the listing” carry general, caveated commentary where the public description did not pin down that layer.
Layer 1, Foundation Models (not certain from the listing): The underlying foundation model is not specified, leaving it vulnerable to standard prompt injection or adversarial inputs that could alter deployment parameters.
Layer 2, Data Operations (not certain from the listing): No details are provided regarding data operations, vector databases, or training data pipelines used by this deployment skill.
Layer 3, Agent Frameworks: The agent framework integrates highly sensitive tools (azd, terraform, az deploy). The primary threat is tool misuse or injection attacks that hijack these commands to deploy unauthorized resources.
Layer 4, Deployment and Infrastructure (not certain from the listing): The hosting environment, sandboxing of the CLI execution environment, and management of Azure credentials/secrets are not detailed.
Layer 5, Evaluation and Observability: The agent features built-in error recovery during deployment execution, but the listing does not specify whether there is independent security observability or guardrails to detect malicious plans.
Layer 6, Security and Compliance: The agent implements a critical security control by requiring a validated deployment plan from 'azure-prepare' before execution, reducing unauthorized structural mutations.
Layer 7, Agent Ecosystem: The agent participates in a multi-agent workflow by consuming plans generated by 'azure-prepare'. A compromise of the upstream preparation agent represents a cascading trust vulnerability.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).