AgentReadyHomeAgent Listing

← Casper Practice Test

Casper Practice Test — agentic threat model

5.6AIVSS 5.6 · Medium

The Casper Practice Test agent presents low overall agentic risk due to its limited autonomy and lack of external tool execution. The primary security concerns center on the privacy and confidentiality of user-submitted video and written responses, alongside potential prompt injection risks that could manipulate AI scoring rubrics.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.8AARS uplift 0.78Factor sum 1.5/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.20
Contextual Awareness
0.30
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.40
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs or multimodal models to evaluate text and video responses. Threats include prompt injection to bypass scoring rubrics, adversarial inputs designed to artificially inflate scores, and potential model bias when evaluating subjective traits like empathy and ethics.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — processes and stores user-submitted video recordings, audio, and written responses. Threats include unauthorized access or exfiltration of sensitive user practice data, and potential data privacy issues if recordings are used for downstream model training without explicit consent.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestration is likely limited to a linear workflow (presenting scenarios, managing timers, capturing inputs, and triggering evaluation APIs). Threats include insecure handling of user inputs during the evaluation phase.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — hosted as a web application. Threats include insecure storage of video/audio files (e.g., misconfigured S3 buckets) and lack of rate limiting on the AI scoring endpoints, which could lead to denial of service or high API costs.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — requires robust guardrails to ensure AI-generated feedback remains constructive, unbiased, and free of hallucinations. Threats include evaluation gaming, where users find specific keywords or structures that trick the AI into awarding high scores.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — handling video and audio recordings of users requires strict compliance with data privacy regulations (such as GDPR or CCPA). There is no mention of specific compliance certifications or data retention policies in the listing.

L7 · Agent Ecosystem✓ mapped

The listing does not describe any multi-agent interactions, external marketplace integrations, or collaborative agent ecosystems, making ecosystem-level threats currently out of scope.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).