
azure-deploy — agentic threat model

AIVSS 7.9 · High

This agent possesses a high-risk posture due to its ability to execute real-world cloud infrastructure mutations (Azure/Terraform), though risk is partially mitigated by requiring a pre-validated deployment plan.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 0.77
Factor sum: 4.9/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×0.85
Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.90
Persistent Memory: 0.20
Contextual Awareness: 0.50
Dynamic Identity: 0.70
Multi-Agent Interactions: 0.60
Non-Determinism: 0.40
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
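The score above can be re-derived by hand from the formula and the ten factor values. The following is an added worked example, not code from the listing site or from the OWASP AIVSS project: it plugs the page's own numbers into the quoted formula, validates the factor ranges, and also shows what the score would be with the mitigation factor set to 1.0 (i.e. if the pre-validated-plan control were absent). The qualitative severity bands used in `severity()` follow the CVSS v3 convention, which is an assumption; the listing only shows "High" for 7.9.

```python
# Worked re-derivation of the azure-deploy AIVSS score.
# Added example, not code from the listing or from the AIVSS project.
# All input values below are taken from the listing as printed.

CVSS_BASE = 8.5           # CVSS base score from the listing
THREAT_MULTIPLIER = 1.05  # ThM from the listing
MITIGATION_FACTOR = 0.85  # Mitigation_Factor from the listing

# The ten agentic risk factors, each scored 0.0-1.0, as listed on the page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.60,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.90,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.70,
    "Multi-Agent Interactions": 0.60,
    "Non-Determinism": 0.40,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Sum the agentic factors after checking that each lies in [0, 1]."""
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier):
    """AARS uplift = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError(f"CVSS base out of range: {cvss_base}")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, exactly as quoted."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    return (cvss_base + uplift) * mitigation_factor


def severity(score):
    """Qualitative band. Assumption: CVSS v3 bands (Low/Medium/High/Critical)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


def score_listing():
    """Compute the listing's figures, rounded the way the page prints them."""
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    total = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    # Same inputs with no mitigation credit, to show what the control buys.
    unmitigated = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, 1.0)
    return {
        "factor_sum": round(factor_sum(AGENTIC_FACTORS), 2),
        "aars": round(uplift, 2),
        "aivss": round(total, 1),
        "severity": severity(total),
        "aivss_without_mitigation": round(unmitigated, 1),
        "severity_without_mitigation": severity(unmitigated),
    }


if __name__ == "__main__":
    for key, value in score_listing().items():
        print(f"{key}: {value}")
```

Running it reproduces the page's 4.9 factor sum, 0.77 uplift and 7.9 (High) score; with the mitigation factor at 1.0 the same inputs give 9.3, which is why the pre-validated deployment plan is the control worth auditing first.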

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying foundation model is not specified, leaving the agent exposed to standard prompt injection or adversarial inputs that could alter deployment parameters.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — No details are provided regarding data operations, vector databases, or training data pipelines used by this deployment skill.

L3 · Agent Frameworks (✓ mapped)

The agent framework integrates highly sensitive tools (azd, terraform, az deploy). The primary threat is tool misuse or injection attacks that hijack these commands to deploy unauthorized resources.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The hosting environment, sandboxing of the CLI execution environment, and management of Azure credentials/secrets are not detailed.

L5 · Evaluation & Observability (✓ mapped)

The agent features built-in error recovery during deployment execution, but the listing does not specify if there is independent security observability or guardrails to detect malicious plans.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The agent implements a critical security control by requiring a validated deployment plan from 'azure-prepare' before execution, reducing unauthorized structural mutations.

L7 · Agent Ecosystem (✓ mapped)

The agent participates in a multi-agent workflow by consuming plans generated by 'azure-prepare'. A compromise of the upstream preparation agent represents a cascading trust vulnerability.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).