
Bravi — agentic threat model

AIVSS 8.0 · High

Bravi acts as an automated communication hub for home services, introducing moderate risk through its direct interaction with customers and integration with scheduling/CRM tools. The primary hazards involve prompt injection leading to reputational damage, unauthorized booking, or exposure of customer PII.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.5 · Factor sum 4.3/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.40
Contextual Awareness: 0.50
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — The underlying foundation models are unspecified. They are highly susceptible to prompt injection, which could allow malicious users to hijack the conversational flow, extract system instructions, or generate inappropriate responses representing the business.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — The agent likely processes customer PII, contact details, and service requests. Without explicit details on data storage, there are risks of data exfiltration, unauthorized access to lead databases, or lack of encryption at rest and in transit.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — The orchestration framework managing customer flow and lead conversion is closed-source. Insecure tool integration with scheduling calendars or CRMs could allow attackers to manipulate booking systems or spam lead pipelines.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — Deployment details and hosting infrastructure are not provided. Standard risks include insecure API endpoints connecting the communication hub to external messaging channels (SMS, email, webchat) and potential credential exposure.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — There is no mention of real-time guardrails, conversation logging, or drift detection. This creates blind spots where the agent could hallucinate incorrect pricing, service availability, or business policies without administrator awareness.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — Compliance certifications (such as SOC 2) or adherence to communication regulations (like TCPA for automated messaging) are not detailed, posing compliance and regulatory risks regarding automated customer outreach.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — The agent primarily operates as a standalone communication hub, but integration with third-party CRM ecosystems and messaging APIs introduces risks of cascading failures or API key abuse if those external platforms are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).