
DevGPT — agentic threat model

AIVSS 8.0 · High

DevGPT presents a high-risk profile primarily due to its deep integration with proprietary codebases and its capability to modify code, which could be leveraged for supply chain attacks or intellectual property theft if compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.2
AARS uplift: 0.7
Factor sum: 3.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Agentic risk factors (each weighted 0–1):

Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.10
Dynamic Tool Use: 0.50
Persistent Memory: 0.60
Contextual Awareness: 0.70
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
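As an added check (example code, not part of this listing or of the OWASP AIVSS calculator), the score above recomputed from the listing's own inputs with the formula it quotes. The severity bands are an assumption (CVSS qualitative ratings); the listing only states that 8.0 is "High".

```python
"""Recompute the DevGPT AIVSS score from the listing's formula:
AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten OWASP AIVSS agentic risk factors with the weights given on the listing.
DEVGPT_FACTORS = {
    "Autonomy of Action": 0.30,
    "Goal-Driven Planning": 0.40,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.50,
    "Persistent Memory": 0.60,
    "Contextual Awareness": 0.70,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.60,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Sum of the ten factor weights; maximum possible is 10."""
    return sum(factors.values())


def aars(cvss_base, fsum, threat_multiplier=1.0):
    """Agentic AI Risk Score: the uplift scales the headroom above CVSS_Base."""
    return (10.0 - cvss_base) * (fsum / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS rounded to one decimal, as the listing reports it."""
    uplift = aars(cvss_base, factor_sum(factors), threat_multiplier)
    return round((cvss_base + uplift) * mitigation_factor, 1)


def severity(score):
    """Qualitative band; assumed to follow CVSS v3.x ratings (not from the listing)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "None"


if __name__ == "__main__":
    listed = aivss(8.2, DEVGPT_FACTORS, mitigation_factor=0.9)
    no_credit = aivss(8.2, DEVGPT_FACTORS)  # same inputs without the 0.9 mitigation credit
    print(f"AIVSS {listed} · {severity(listed)}; without mitigation credit: {no_credit}")
```

Removing the 0.9 mitigation credit lifts the same inputs to 8.9, which shows how much of the final score rests on mitigations the listing does not itself document.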

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — DevGPT likely relies on third-party LLMs or open-source models. Threats include adversarial prompt injection to bypass code safety filters, leading to insecure code generation.

L2 · Data Operations (✓ mapped)

DevGPT performs personalized training and RAG on the user's repository. Threats include repository data poisoning (malicious code in the repo influencing future generation) and data exfiltration of proprietary codebase context.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates code generation and modification based on follow-up prompts. Threats include insecure tool integration with local file systems or IDEs, allowing unauthorized file modification or deletion.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — as an open-source tool, deployment could be local or self-hosted. Threats include lack of sandboxing during code execution or testing, potentially leading to local privilege escalation if malicious code is executed.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — there is no mention of built-in guardrails, vulnerability scanning for generated code, or logging. Gaps here could allow the silent introduction of security vulnerabilities into the codebase.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — no explicit compliance certifications or fine-grained access controls are mentioned. Access to repositories relies entirely on the host environment's permissions.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — DevGPT operates as a standalone developer assistant and does not explicitly interact with a multi-agent ecosystem or external agent marketplaces.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).