AgentReadyHomeAgent Listing

← Keycaps AI

Keycaps AI — agentic threat model

6.1AIVSS 6.1 · Medium

Keycaps AI is a low-risk, specialized creative agent focused on image generation and simple landing page publishing, with primary risks centered around web application security, user data collection (emails), and potential API abuse.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 5.3AARS uplift 0.75Factor sum 1.6/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.20
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.20
Contextual Awareness
0.10
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The agent relies on underlying text-to-image foundation models to generate keycap designs, making it susceptible to prompt injection, adversarial bypasses of safety filters, and model-reprogramming attempts to generate inappropriate content.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — The agent collects user interest (likely email addresses) and stores generated keycap images. Risks include unauthorized access to collected user data, lack of data lineage, and potential database injection via user-supplied metadata.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — The orchestration framework likely manages the pipeline from prompt input to image generation and page publishing. Vulnerabilities could include insecure tool integration if the publishing mechanism allows arbitrary HTML/JS injection.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The agent hosts user-facing 'share pages'. If the hosting infrastructure is not properly sandboxed, attackers could exploit the publishing feature to host phishing pages or distribute malware under the Keycaps AI domain.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of content moderation guardrails or logging mechanisms to detect and block abusive prompts, copyright-infringing generations, or automated spamming of the interest collection forms.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Standard web security controls (authentication, authorization, rate limiting) are required to protect user accounts and prevent API exhaustion from unauthorized image generation requests.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — The agent operates primarily as a standalone horizontal tool with no explicit multi-agent or marketplace integrations described, minimizing ecosystem-level cascading risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).