AgentReadyHomeAgent Listing

← FasadPro

FasadPro — agentic threat model

5.3AIVSS 5.3 · Medium

FasadPro exhibits very low agentic risk as it operates primarily as a single-turn image-to-image transformation tool integrated into Telegram, with minimal autonomy, planning, or tool-use capabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 0.97Factor sum 1.7/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.00
Persistent Memory
0.10
Contextual Awareness
0.20
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.70
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes a latent diffusion model (such as Stable Diffusion) with ControlNet for architectural styling. Primary threats include adversarial image inputs designed to break safety filters or cause extreme rendering glitches, and potential model-stealing if proprietary fine-tunes are used.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — requires ingestion and storage of user-uploaded home photos. Key risks involve unauthorized access to user-uploaded imagery, lack of secure transient storage, and potential data exfiltration of private property photos.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — the application likely uses a standard API backend rather than an autonomous agent framework. Risk of classic agent vulnerabilities like prompt injection leading to tool misuse is extremely low due to the lack of execution tools.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — deployed as a Telegram Mini App. Risks include insecure webhook configurations, exposure of Telegram API tokens, and typical cloud hosting vulnerabilities on the backend rendering servers.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — there is no mention of input/output guardrails to prevent users from uploading non-building photos (e.g., explicit content) or to detect adversarial attempts to bypass generation limits.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — being closed-source and freemium, there are no explicit details on GDPR compliance regarding user property photos, data deletion policies, or access controls for stored images.

L7 · Agent Ecosystem✓ mapped

The agent operates as a standalone vertical application with no multi-agent collaboration, marketplace integrations, or external agent-to-agent communication described.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).