
calprep — agentic threat model

AIVSS 7.6 · High

Calprep poses moderate operational and privacy risks due to its direct integration with user calendars, where compromise could lead to unauthorized event manipulation, data exfiltration of sensitive meeting details, and phishing via calendar invites.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.12 · Factor sum 3.2/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.60
Goal-Driven Planning: 0.40
Self-Modification: 0.00
Dynamic Tool Use: 0.50
Persistent Memory: 0.30
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on commercial or open-source LLMs to parse natural language scheduling requests. Threats include prompt injection to bypass scheduling constraints or extract sensitive calendar information.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — processes calendar metadata, attendee emails, and free/busy slots. Threats include unauthorized exfiltration of sensitive meeting descriptions, locations, or attendee lists.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — orchestrates calendar API calls based on user intent. Threats include insecure tool integration where malicious inputs trigger unauthorized event creation, modification, or deletion.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — being open-source and freemium, deployment could range from self-hosted to cloud-hosted. Threats include insecure storage of highly sensitive calendar OAuth tokens and API credentials.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no details on guardrails or logging of automated scheduling actions. Threats include a lack of audit trails to detect unauthorized or anomalous calendar modifications.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — requires OAuth integration with major calendar providers (Google, Microsoft). Threats include over-privileged OAuth scopes that grant full read/write access instead of restricted, scoped permissions.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — primarily interacts with human users and calendar APIs. Threats include cascading scheduling conflicts or infinite loops if interacting with other automated calendar assistants.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).