Buildform — agentic threat model

AIVSS 7.2 · High

Buildform is an AI-driven lead collection and form customization tool presenting low agentic risk but moderate data security risk due to the collection and handling of user PII (leads) and potential integration with external CRMs.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base 6.5 · AARS uplift 0.7 · Factor sum 2.0/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.20
Goal-Driven Planning: 0.20
Self-Modification: 0.10
Dynamic Tool Use: 0.30
Persistent Memory: 0.30
Contextual Awareness: 0.20
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely uses standard LLMs for form generation and text optimization. Threats include prompt injection to manipulate form fields or generate malicious/phishing forms.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — collects lead data (PII). Threats include data exfiltration of collected leads, database injection, and lack of encryption at rest/in transit.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestration is likely simple form-generation templates. Threats include insecure tool integration if connecting to CRMs (HubSpot, Salesforce).

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted SaaS platform. Threats include container compromise, cross-tenant data leakage, and insecure API endpoints.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no mention of guardrails or monitoring for generated form content. Threats include generation of offensive or phishing forms without detection.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — closed source, paid tool. Compliance risks around GDPR/CCPA since it collects lead data (PII) without explicit mention of compliance controls.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — likely operates standalone or via standard API integrations rather than a complex multi-agent ecosystem. Threats include API key exposure during CRM integrations.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).