
MadeWithStack — agentic threat model

AIVSS 5.7 · Medium

MadeWithStack acts primarily as a curated registry and verification platform rather than an autonomous agent, presenting low direct operational risk but moderate supply-chain risk if its verification processes or directory integrity are compromised.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 6.5
AARS uplift: 0.67
Factor sum: 1.9/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.8

Agentic risk factors (each scored 0.00 to 1.00):
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.40
Contextual Awareness: 0.20
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.20
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
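A worked computation of the score above, added here as an example (it is not code from the AgentReadyHome listing or from MadeWithStack). It applies the quoted formula to the ten factor values on this page; the 0..10 clamp and the CVSS-style severity bands are assumptions, marked as such in the code.

```python
from dataclasses import dataclass

# The ten OWASP AIVSS agentic risk factors, in the order the listing shows them.
FACTOR_NAMES = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# Factor values exactly as given for MadeWithStack on the listing (sum 1.9).
MADEWITHSTACK_FACTORS = dict(zip(
    FACTOR_NAMES, (0.20, 0.10, 0.00, 0.30, 0.40, 0.20, 0.10, 0.20, 0.20, 0.20)))


@dataclass(frozen=True)
class AIVSSResult:
    cvss_base: float
    factor_sum: float
    aars: float   # agentic uplift added on top of the CVSS base
    score: float  # final AIVSS score on the 0..10 scale


def aivss_score(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor,
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM  (formula as quoted above)."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in 0..10")
    if set(factors) != set(FACTOR_NAMES):
        raise ValueError("exactly the ten AIVSS factors are required")
    if any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("each factor is scored 0.0..1.0")
    factor_sum = sum(factors.values())
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    # Assumption: clamp to the 0..10 scale. The quoted formula does not say so,
    # but a threat multiplier above 1.0 could otherwise push the result past 10.
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    return AIVSSResult(cvss_base, factor_sum, aars, score)


def severity_band(score):
    """Assumption: CVSS v3-style bands (Low <4.0, Medium <7.0, High <9.0, else Critical)."""
    s = round(score, 1)
    if s >= 9.0:
        return "Critical"
    if s >= 7.0:
        return "High"
    if s >= 4.0:
        return "Medium"
    return "Low" if s > 0.0 else "None"
```

Calling `aivss_score(6.5, MADEWITHSTACK_FACTORS, 1.0, 0.8)` reproduces the 5.7 Medium shown above; the same inputs with the mitigation factor left at 1.0 give about 7.2, which shows how much the manual review and claim verification controls are worth in this scoring.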

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The platform's use of foundation models for parsing submissions or automating verification is unspecified. If LLMs are used, they face risks of prompt injection to bypass submission criteria.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — The platform manages a database of directory listings, verification claims, and public stack evidence. Threats include unauthorized modification of verification states and data poisoning of listed agent metadata.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — It is a directory platform rather than an active orchestrator, but any internal automation frameworks face risks of insecure API integration during programmatic submission.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — This layer covers the hosting of the directory and of its programmatic submission API. Threats include API abuse, DDoS, and compromise of the containers that run the verification environment.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No specific logging or guardrails are detailed, though manual review acts as a human-in-the-loop evaluation step.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

The platform implements a 'manual review of listed products' and a 'claim verification system' to ensure data integrity and prevent fraudulent listings.

L7 · Agent Ecosystem · ✓ mapped

As a directory for agent-built tools, it sits at the center of the agent ecosystem. The primary threat is supply chain compromise, where malicious agents are listed as 'verified,' leading to downstream trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).