AgentReadyHomeAgent Listing

← LaunchWall

LaunchWall — agentic threat model

8.6AIVSS 8.6 · High

LaunchWall exhibits low agentic risk due to its highly constrained, human-in-the-loop workflow. However, its integration with X OAuth and the generation of embeddable widgets introduce significant traditional application security risks, particularly supply-chain Stored XSS on customer websites.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.3AARS uplift 0.25Factor sum 1.5/10Threat ×1.0Mitigation ×1.0
Autonomy of Action
0.20
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.20
Persistent Memory
0.20
Contextual Awareness
0.20
Dynamic Identity
0.30
Multi-Agent Interactions
0.00
Non-Determinism
0.20
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The exact LLM used for curating or formatting replies is unspecified. Potential threats include prompt injection if malicious X replies are processed by the model to generate carousel text, leading to unexpected outputs.

L2 · Data Operations✓ mapped

The agent ingests external data (X replies) and stores curated selections. Threats include data poisoning if malicious users post replies designed to exploit the ingestion pipeline, or unauthorized access to stored user data.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — It is unclear if a formal agent framework is used. The orchestration seems to be a standard linear pipeline, minimizing tool-use risks beyond the X API integration.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — Hosting details are not provided. The primary infrastructure threat is the compromise of the widget delivery CDN, which could allow attackers to inject malicious JavaScript into client websites embedding the carousels.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — No monitoring or guardrail mechanisms are mentioned. There is a risk of failing to detect toxic or inappropriate content fetched from X if automated filtering is absent.

L6 · Security & Compliance (cross-cutting)✓ mapped

The tool relies on 'Sign in with X' (OAuth). Security risks include insecure storage of OAuth tokens and lack of granular scopes, potentially exposing users' X accounts if the database is compromised.

L7 · Agent Ecosystem✓ mapped

The agent operates independently without multi-agent interactions. The ecosystem risk is low, limited to its dependency on the X API platform and the downstream websites embedding its widgets.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).