Docs Canvas — agentic threat model

AIVSS 5.2 · Medium

Docs Canvas is a low-risk, read-only documentation visualization plugin with minimal agentic autonomy, primarily presenting a security risk through potential exposure of sensitive codebase or API documentation to the underlying model.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3 · AARS uplift 0.92 · Factor sum 1.7/10 · Threat ×0.95 · Mitigation ×1.0

Autonomy of Action: 0.10
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — relies on Cursor's underlying foundation models. Primary threats include prompt injection via malicious codebase comments or documentation files designed to hijack the rendering output or generate misleading diagrams.

L2 · Data Operations ✓ mapped

Reads local repository documentation, API references, and source code. Threat of data exfiltration if the model or plugin is compromised and transmits sensitive intellectual property or hardcoded secrets from the codebase to external endpoints.

L3 · Agent Frameworks ✓ mapped

Orchestrates the parsing of files to generate a structured Canvas view. Risk of insecure tool integration if the parsing logic or diagram generation tools are vulnerable to path traversal or command injection via malformed source files.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — runs locally as a Cursor plugin. Security posture depends entirely on the host IDE's sandboxing, local file permissions, and network isolation capabilities.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — likely lacks dedicated observability or guardrails, relying on the user to visually inspect the generated Canvas and diagrams for accuracy and safety.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — lacks explicit mention of compliance, access controls, or audit logging. Relies on the user's local workstation security and repository access permissions.

L7 · Agent Ecosystem ✓ mapped

Operates as an isolated plugin within the IDE ecosystem. Minimal multi-agent risk, though it could theoretically interact with other installed Cursor plugins or extensions if they share the same workspace context.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).