
Devika AI — agentic threat model

AIVSS 9.4 · Critical

Devika AI presents a high-risk agentic profile because its advanced planning, web browsing, and code generation capabilities can be manipulated via prompt injection to execute arbitrary code or exfiltrate data from the host environment.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.5
AARS uplift: 0.88
Factor sum: 5.6/10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (each scored 0–1):
Autonomy of Action: 0.70
Goal-Driven Planning: 0.90
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.50
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.30
Non-Determinism: 0.80
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
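Carried through with the page's own inputs, as an added example that is not part of the listing or of the Devika AI project: the functions below implement the OWASP AIVSS formula quoted above for any CVSS base, ten-factor set, threat multiplier and mitigation factor, and check that the listing's inputs (CVSS base 8.5, the ten factors, ThM 1.05, mitigation 1.0) reproduce the published AARS uplift of 0.88 and total of 9.4. The qualitative severity bands (CVSS-style) and the clamp of the total to 10.0 are assumptions of this example, not taken from the page.

```python
"""Worked OWASP AIVSS computation (added example, not the listing's own code).

AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors with the values the listing assigns to Devika AI.
DEVIKA_FACTORS = {
    "Autonomy of Action": 0.70,
    "Goal-Driven Planning": 0.90,
    "Self-Modification": 0.20,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.50,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.30,
    "Non-Determinism": 0.80,
    "Opacity & Reflexivity": 0.50,
}


def factor_sum(factors):
    """Sum of the ten factor scores; validates shape and range before summing."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} must be in [0, 1], got {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic AI Risk Score uplift: (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The uplift scales the headroom left above the CVSS base, so an agent with a
    high base score gains less from its agentic factors than one with a low base.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Total AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, clamped to 10.0.

    The clamp is an assumption of this example: with ThM > 1 the raw sum can
    exceed the 0-10 scale, although the listing's inputs stay well below it.
    """
    total = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(total, 10.0)


def severity(score):
    """Qualitative band; CVSS-style thresholds assumed here, not taken from the page."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_report(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Return every intermediate the listing shows, rounded as the listing rounds."""
    uplift = aars(cvss_base, factors, threat_multiplier)
    total = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(uplift, 2),
        "aivss": round(total, 1),
        "severity": severity(round(total, 1)),
    }


if __name__ == "__main__":
    # Reproduce the listing: factor sum 5.6, AARS 0.88, AIVSS 9.4 Critical.
    print(score_report(8.5, DEVIKA_FACTORS, threat_multiplier=1.05))
    # Hypothetical what-if (not a value from the page): the same agent with a
    # mitigation factor of 0.8 applied, to show where Mitigation_Factor bites.
    print(score_report(8.5, DEVIKA_FACTORS, threat_multiplier=1.05, mitigation_factor=0.8))
```

Because the uplift is proportional to the CVSS headroom and the mitigation factor multiplies the whole total, the two levers a defender actually controls on this listing are the factor scores (for example lowering Dynamic Tool Use by constraining which tools the agent may call) and the mitigation factor (for example the sandboxed execution environment the L4 entry below asks for); the CVSS base is fixed by the underlying weakness.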

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not specify that layer.

L1 · Foundation Models · ✓ mapped

Leverages powerful foundation models like GPT-4 and Claude. Highly susceptible to prompt injection and adversarial inputs embedded in web research that could hijack the model's reasoning and code generation processes.

L2 · Data Operations · ✓ mapped

Performs contextual keyword extraction and web browsing. This introduces risks of data poisoning and indirect prompt injection from untrusted web pages, which can corrupt the agent's knowledge state.

L3 · Agent Frameworks · ✓ mapped

Features advanced planning, state tracking, and code writing. Vulnerabilities include tool misuse (e.g., executing malicious shell commands or writing insecure code) and planning manipulation if the orchestration framework lacks strict input validation.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — as an open-source tool, it is typically run locally by the user. This poses a high risk of host compromise or privilege escalation if the agent executes generated code without a secure, sandboxed container environment.

L5 · Evaluation & Observability · ✓ mapped

Provides dynamic agent state tracking and visualization to the user. While this increases transparency, there is no mention of automated security guardrails, anomaly detection, or real-time safety monitoring for generated code.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — there are no explicit details regarding enterprise security controls, access management, audit logs, or compliance frameworks in the public directory listing.

L7 · Agent Ecosystem · ✓ mapped

Interacts with external LLM provider ecosystems (OpenAI, Anthropic). Risks include API key exposure, dependency on third-party service availability, and potential cascading failures if upstream model APIs are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).