Built&Written — agentic threat model

AIVSS 7.5 · High

Built&Written presents a moderate overall security risk (CVSS base 6.5, lifted to an AIVSS of 7.5 by the agentic uplift) centred on intellectual property theft and data privacy, because it ingests sensitive user writing samples to clone author voices. The agentic share of that risk is low: publishing sits behind a human-in-the-loop workflow, so the agent cannot release content on its own. The remaining exposure is the file-generation pipeline, where a vulnerability could turn a routine export into a malicious file.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM and ThM is the threat multiplier.

Inputs for this agent:

CVSS base: 6.5
AARS uplift: 1.01
Factor sum: 2.9 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.0 to 1.0):

Autonomy of Action: 0.20
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.20
Persistent Memory: 0.40
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.70
Opacity & Reflexivity: 0.50

Check: 0.20 + 0.40 + 0.10 + 0.20 + 0.40 + 0.40 + 0.00 + 0.00 + 0.70 + 0.50 = 2.9; AARS = (10 − 6.5) × 0.29 × 1.0 = 1.015; AIVSS = (6.5 + 1.015) × 1.0 = 7.5.

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
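The score above, recomputed from the listed inputs as an added worked example (this is not the page's or OWASP's calculator code). The formula and the ten factor values are the ones printed on this page; the severity bands applied to the final number are an assumption, taken from the CVSS v3 qualitative scale, which is consistent with the “High” label on 7.5.

```python
from dataclasses import dataclass

# Agentic risk factors exactly as listed on the page, each on a 0.0 to 1.0 scale.
BUILT_AND_WRITTEN_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.20,
    "Persistent Memory": 0.40,
    "Contextual Awareness": 0.40,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.50,
}

# Assumption: CVSS v3.x qualitative bands (floor of each band) applied to the final AIVSS value.
SEVERITY_BANDS = [(0.0, "None"), (0.1, "Low"), (4.0, "Medium"), (7.0, "High"), (9.0, "Critical")]


@dataclass(frozen=True)
class AivssResult:
    factor_sum: float   # Factor_Sum, 0 to 10
    aars: float         # AARS uplift added to the CVSS base
    score: float        # AIVSS rounded to one decimal, clamped to 0..10
    severity: str


def severity_for(score: float) -> str:
    label = SEVERITY_BANDS[0][1]
    for floor, name in SEVERITY_BANDS:
        if score >= floor:
            label = name
    return label


def aivss(cvss_base: float, factors: dict, threat_multiplier: float = 1.0,
          mitigation_factor: float = 1.0) -> AivssResult:
    """Page formula: AIVSS = (CVSS_Base + AARS) x Mitigation_Factor,
    with AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must lie in [0, 10]")
    if len(factors) != 10:
        raise ValueError("AIVSS defines exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range: {value}")
    # Factors are specified to two decimals; rounding the sum removes float accumulation noise.
    factor_sum = round(sum(factors.values()), 2)
    # Factor_Sum / 10 <= 1, so AARS alone can never lift the score past 10;
    # only a mitigation factor above 1.0 could, hence the clamp below.
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    raw = (cvss_base + aars) * mitigation_factor
    score = round(min(max(raw, 0.0), 10.0), 1)
    return AivssResult(factor_sum, aars, score, severity_for(score))


if __name__ == "__main__":
    r = aivss(6.5, BUILT_AND_WRITTEN_FACTORS)
    print(f"factor sum {r.factor_sum:.1f}/10, AARS uplift {r.aars:.2f}, "
          f"AIVSS {r.score} ({r.severity})")
```

With the page's inputs this prints factor sum 2.9/10, AARS uplift 1.01 (1.015 before display rounding) and AIVSS 7.5 (High). The two multipliers are the levers a control owner actually has: the same inputs with a mitigation factor of 0.9 come out at 6.8, which drops the label to Medium, whereas the factor sum is fixed by how the agent is built.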

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not pin down that layer; layers tagged “mapped” are drawn directly from it.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing: the platform likely uses commercial LLMs for text generation and diffusion models for cover art. Key threats are prompt injection (direct, or indirect through instructions embedded in uploaded writing samples) that bypasses content filters or redirects the generation task, regurgitation of memorised or plagiarised passages in the cloned voice, and jailbreak-style steering of the model into producing malicious or policy-violating text.

L2 · Data Operations · ✓ mapped

Mapped from the listing: the platform ingests user-provided writing samples to analyse style, vocabulary and tone. That makes the sample store a high-value target: theft of unpublished manuscripts (intellectual property), exfiltration of proprietary manuscripts, and poisoning of a user's style profile if an attacker can upload or tamper with samples. Because the samples are later fed to the generation model, they are also an indirect prompt-injection channel (see L1).

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing: the platform likely uses a proprietary orchestration framework to sequence style analysis, manuscript generation, formatting and cover design. The tool boundary that matters most is file compilation and formatting, where model output is handed to converters and packagers to build the KDP-ready files: unsanitised output or a vulnerable converter at that step is what turns a text-generation bug into a malicious export.
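An illustration of the check a practitioner would put at that packaging boundary, added here as an example (it is not Built&Written code, and the page does not say which export format the platform produces; the example assumes an EPUB, which is a ZIP container with a stored `mimetype` entry and XHTML content). It rejects the three things a compromised or buggy packaging step most commonly produces: path-traversal member names, decompression bombs, and active content in the reading-system documents. The size limits are illustrative and the fixtures are constructed for the example.

```python
import io
import re
import zipfile
from posixpath import normpath

# Illustrative policy limits for a generated book container.
MAX_MEMBERS = 5_000
MAX_TOTAL_UNCOMPRESSED = 200 * 1024 * 1024   # 200 MiB
MAX_COMPRESSION_RATIO = 100                  # decompression-bomb guard
CONTENT_SUFFIXES = (".xhtml", ".html", ".htm", ".svg")
# Heuristic scan for script elements, inline event handlers and javascript: URLs.
ACTIVE_CONTENT = re.compile(rb"<\s*script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE)


def _is_safe_member_name(name: str) -> bool:
    """Reject names that could escape the extraction root (zip-slip)."""
    if not name or name.startswith("/") or "\\" in name or "\x00" in name:
        return False
    stripped = name.rstrip("/")            # directory entries legitimately end in "/"
    return normpath(stripped) == stripped and ".." not in stripped.split("/")


def check_epub(data: bytes) -> list[str]:
    """Return findings for the container; an empty list means it passed every check."""
    findings: list[str] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_MEMBERS:
            findings.append(f"too many members: {len(infos)}")
        # EPUB OCF: the first entry must be an uncompressed 'mimetype' with a fixed value.
        if not infos or infos[0].filename != "mimetype" or infos[0].compress_type != zipfile.ZIP_STORED:
            findings.append("first entry is not an uncompressed 'mimetype'")
        elif zf.read("mimetype") != b"application/epub+zip":
            findings.append("unexpected mimetype value")
        total = 0
        for info in infos:
            name = info.filename
            if not _is_safe_member_name(name):
                findings.append(f"unsafe member path: {name!r}")
                continue
            if ((info.external_attr >> 16) & 0o170000) == 0o120000:   # unix mode bits: symlink
                findings.append(f"symlink member: {name!r}")
                continue
            total += info.file_size
            if info.compress_size and info.file_size / info.compress_size > MAX_COMPRESSION_RATIO:
                findings.append(f"suspicious compression ratio: {name!r}")
                continue                     # do not inflate a suspected bomb just to scan it
            if name.lower().endswith(CONTENT_SUFFIXES) and ACTIVE_CONTENT.search(zf.read(name)):
                findings.append(f"active content in {name!r}")
        if total > MAX_TOTAL_UNCOMPRESSED:
            findings.append(f"uncompressed size {total} exceeds cap")
    return findings


def build_epub(members, mimetype=b"application/epub+zip") -> bytes:
    """Constructed fixture: a minimal EPUB-like container for exercising check_epub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if mimetype is not None:
            zf.writestr("mimetype", mimetype, compress_type=zipfile.ZIP_STORED)
        for name, body in members:
            zf.writestr(name, body, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


# Constructed samples: one clean export and three the packaging step must never emit.
CLEAN = build_epub([
    ("OEBPS/content.opf", b"<package version='3.0'/>"),
    ("OEBPS/ch1.xhtml", b"<html><body><p>Chapter one.</p></body></html>"),
])
ZIP_SLIP = build_epub([("../../.bashrc", b"echo pwned")])
SCRIPTED = build_epub([("OEBPS/ch1.xhtml", b"<html><body><script>fetch('//evil')</script></body></html>")])
BOMB = build_epub([("OEBPS/pad.bin", b"\0" * 2_000_000)])
```

Run the check on the packager's output before the file is stored or offered for download; a non-empty findings list should fail the job and be logged with the member names, since a traversal path or script in a generated book points at the converter or the prompt that produced it, not at the user.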

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing: the product is hosted as a closed-source SaaS platform. Key threats are server-side request forgery if cover generation or image fetching lets the backend retrieve a user-influenced URL (cloud metadata endpoints and internal services are the usual targets), and insecure cloud storage of the generated KDP-ready files.
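A fetch-time check for that SSRF case, added as an example (not the platform's code; the page does not say how cover images are fetched). It assumes the backend only needs to fetch over HTTPS on port 443 and that name resolution is passed in as a function, so the check runs offline here against a constructed lookup table; in production, pass a wrapper around `socket.getaddrinfo`.

```python
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urlsplit

# Assumptions: the cover pipeline only ever needs public HTTPS origins on 443.
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}

Resolver = Callable[[str], Iterable[str]]    # hostname -> IP address strings


def is_public_address(addr: str) -> bool:
    """True only for addresses a backend may reach on behalf of a user."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # ::ffff:10.0.0.1 is judged as 10.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str, resolve: Resolver) -> list[str]:
    """Return the public IPs the fetcher may connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if (parts.port or 443) not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {parts.port}")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal: no DNS, still range-checked
    except ValueError:
        addrs = list(resolve(host))
    if not addrs:
        raise ValueError(f"host did not resolve: {host!r}")
    blocked = [a for a in addrs if not is_public_address(a)]
    if blocked:                                    # one bad record fails the whole answer
        raise ValueError(f"host resolves to non-public address(es): {blocked}")
    return addrs


def is_safe_fetch_url(url: str, resolve: Resolver) -> bool:
    try:
        validate_fetch_url(url, resolve)
        return True
    except ValueError:
        return False


# Constructed lookup table standing in for DNS. Python's ipaddress treats the
# RFC 5737 documentation nets (203.0.113.0/24 etc.) as private, so the "public"
# host here is given an ordinary global address instead.
CONSTRUCTED_DNS = {
    "covers.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],          # cloud metadata endpoint
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # mixed public/private answer
}


def table_resolver(table: dict) -> Resolver:
    return lambda host: table.get(host.lower(), [])
```

The list returned is what the HTTP client must actually connect to (pin the socket address and send the original Host header and SNI), with automatic redirects disabled and every Location re-run through the same check; re-resolving the name at connect time reopens the DNS-rebinding window the check just closed.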

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing: no details are given about output guardrails or monitoring. Without them, offensive, copyrighted or policy-violating content can be generated and packaged into the final manuscript with nothing in the pipeline to catch it.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing: no compliance attestations (such as SOC 2) or GDPR commitments are mentioned. Data retention is the open question: whether user-provided writing samples are kept after the style profile is built, for how long, and whether they are used to train future models.

L7 · Agent Ecosystem · ✓ mapped

Mapped from the listing: the agent operates as a standalone horizontal tool, and no multi-agent or marketplace interactions are mentioned. Ecosystem risk is limited to downstream integration, such as uploading the generated files to Amazon KDP.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).