Matthew — agentic threat model

AIVSS 9.1 · Critical

Matthew (matmat AI) presents a high-risk profile due to its direct, autonomous exposure to public communication channels (SMS, calls, web forms) and its handling of sensitive industry data (healthcare, real estate) without documented security controls, making it highly susceptible to prompt injection and data exfiltration.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.1
AARS uplift: 1.02
Factor sum: 5.1 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.80
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.70
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.10
Non-Determinism: 0.70
Opacity & Reflexivity: 0.60

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
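The formula and the factor table above can be checked end to end. The following is an added worked example, not code from this listing page or from the OWASP AIVSS calculator: it implements the quoted formula, reproduces the page's intermediate values (factor sum 5.1, AARS uplift 1.02, AIVSS 9.1) from the ten factor scores, and flags out-of-range inputs. The severity bands and the cap at 10.0 are assumptions (standard CVSS bands); the page only states that 9.1 is "Critical".

```python
"""Worked AIVSS computation for the score above (added example).

Implements the formula quoted on the page:

    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
"""

# The ten agentic risk factors exactly as scored on the page.
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.60,
    "Persistent Memory": 0.70,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.20,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.60,
}


def factor_sum(factors: dict[str, float]) -> float:
    """Sum the agentic factors after checking there are ten, each in [0, 1]."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside the 0.0-1.0 range")
    return sum(factors.values())


def aars(cvss_base: float, factors: dict[str, float], threat_multiplier: float) -> float:
    """Agentic uplift added on top of the CVSS base.

    (10 - CVSS_Base) is the headroom left below the maximum score, scaled by
    how agentic the system is (Factor_Sum / 10) and by the threat multiplier.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must lie between 0.0 and 10.0")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict[str, float],
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """Final AIVSS score. Capping at 10.0 is an assumption: with ThM > 1 the
    raw total can slightly exceed 10, and the page does not say how the
    calculator handles that."""
    total = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(10.0, total)


def severity(score: float) -> str:
    """Assumed severity bands (standard CVSS v3 bands)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def breakdown(cvss_base: float = 8.1, factors: dict[str, float] = AGENTIC_FACTORS,
              threat_multiplier: float = 1.05, mitigation_factor: float = 1.0) -> dict:
    """Return the rounded intermediate values as the page presents them."""
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "cvss_base": cvss_base,
        "factor_sum": round(factor_sum(factors), 2),
        "aars": round(aars(cvss_base, factors, threat_multiplier), 2),
        "aivss": round(score, 1),
        "severity": severity(round(score, 1)),
    }


if __name__ == "__main__":
    for key, value in breakdown().items():
        print(f"{key:12} {value}")
```

Run as-is it prints the page's figures; changing a factor (for instance lowering Dynamic Tool Use) shows how much of the 9.1 is the agentic uplift versus the 8.1 CVSS base.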

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary where the public description did not pin down that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — likely relies on commercial LLMs for conversational capabilities. The primary threat is direct and indirect prompt injection via incoming customer messages (SMS, web forms) which could hijack the model's output or alignment.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — likely utilizes a RAG system or vector database containing business-specific FAQs, product details, or client intake guidelines. Vulnerable to data poisoning if malicious customer inputs are ingested into persistent memory, or data exfiltration of sensitive customer PII/PHI.

L3 · Agent Frameworks (✓ mapped)

The agent orchestrates incoming messages across multiple channels (SMS, calls, forms) and triggers automated responses. Vulnerable to indirect prompt injection where an incoming message manipulates the orchestrator to execute unauthorized tool calls, such as sending spam texts or triggering unauthorized API calls to third-party platforms.
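One way to contain the L3 threat is to put a policy gate between what the model proposes and what the orchestrator executes, so that nothing in an inbound message can widen the set of tools available or redirect outbound messages. The following is an added illustration, not Matthew's or matmat AI's implementation: the channel names, tool names, per-channel allowlist and rate cap are assumptions, and the customer message and proposed tool calls are constructed. It fails closed on unknown channels, restricts replies to the original sender, and caps outbound messages per sender.

```python
"""Tool-call authorization gate for a multi-channel orchestrator (added example).

Hypothetical design: the LLM may only *propose* tool calls; this gate decides
which of them run, using policy that the message text cannot change.
"""
from dataclasses import dataclass


@dataclass
class InboundMessage:
    """A customer message arriving on one of the agent's public channels."""
    channel: str  # "sms", "call" or "web_form" (assumed channel names)
    sender: str   # phone number or e-mail address of the customer
    body: str


@dataclass
class ToolCall:
    """A tool invocation the model proposes in response to the message."""
    name: str
    args: dict


class PolicyViolation(Exception):
    pass


# Assumed per-channel allowlist: the only tools that may run in reaction to a
# message on that channel. An injected instruction cannot add to this set.
CHANNEL_TOOLS = {
    "sms": {"reply_sms", "create_lead"},
    "web_form": {"reply_email", "create_lead"},
    "call": {"schedule_callback", "create_lead"},
}

# Assumed cap on outbound messages per sender within one conversation.
MAX_OUTBOUND_PER_SENDER = 3


class ToolGate:
    def __init__(self) -> None:
        self._outbound: dict[str, int] = {}  # sender -> replies already sent

    def authorize(self, msg: InboundMessage, call: ToolCall) -> ToolCall:
        allowed = CHANNEL_TOOLS.get(msg.channel)
        if allowed is None:
            raise PolicyViolation(f"unknown channel {msg.channel!r}; failing closed")
        if call.name not in allowed:
            raise PolicyViolation(f"{call.name!r} is not permitted on channel {msg.channel!r}")
        if call.name in ("reply_sms", "reply_email"):
            # Replies go only back to the sender, so a model-chosen recipient
            # cannot become an exfiltration or spam path.
            if call.args.get("to") != msg.sender:
                raise PolicyViolation(f"{call.name!r} may only reply to {msg.sender!r}")
            sent = self._outbound.get(msg.sender, 0)
            if sent >= MAX_OUTBOUND_PER_SENDER:
                raise PolicyViolation(f"outbound cap reached for {msg.sender!r}")
            self._outbound[msg.sender] = sent + 1
        return call


def evaluate(msg: InboundMessage, proposed: list[ToolCall]) -> list[tuple[str, str]]:
    """Run every proposed call through a fresh gate; return (tool, decision) pairs."""
    gate = ToolGate()
    decisions = []
    for call in proposed:
        try:
            gate.authorize(msg, call)
            decisions.append((call.name, "allowed"))
        except PolicyViolation as exc:
            decisions.append((call.name, f"rejected: {exc}"))
    return decisions


def demo() -> list[tuple[str, str]]:
    """Constructed SMS conversation with a mix of legitimate and out-of-policy proposals."""
    msg = InboundMessage(channel="sms", sender="+15550100001",
                         body="Do you have any openings next week?")
    proposed = [
        ToolCall("send_bulk_sms", {"to": ["+15550100002", "+15550100003"], "text": "..."}),
        ToolCall("reply_sms", {"to": "+15550100002", "text": "..."}),
        ToolCall("reply_sms", {"to": "+15550100001", "text": "Yes, Tuesday 10am is free."}),
        ToolCall("create_lead", {"name": "SMS enquiry", "phone": "+15550100001"}),
    ]
    return evaluate(msg, proposed)


if __name__ == "__main__":
    for name, outcome in demo():
        print(f"{name:15} {outcome}")
```

Every rejection is a concrete event the orchestrator can log, which also gives the L5 layer something to alert on: a burst of rejected tool calls from one sender is a useful indicator that a message is trying to steer the agent.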

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — likely hosted as a closed-source SaaS platform. Vulnerable to standard web application threats, API key exposure for communication gateways (e.g., Twilio), and lack of sandboxing for webhook processing.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no mention of real-time guardrails, output filtering, or monitoring of conversational outputs. This leaves a blind spot in which the agent could produce toxic or hallucinated output, or make legally binding false promises to customers, without detection.

L6 · Security & Compliance (cross-cutting) (✓ mapped)

The listing explicitly mentions use in 'healthcare' and 'real estate', implying the handling of highly regulated data (HIPAA, GDPR). However, there is no mention of compliance certifications, access controls, or audit logging, presenting a high risk of regulatory non-compliance.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — mentions integration with 'third-party platforms', which could expose the agent to cascading failures or trust abuse if integrated APIs or external agents are compromised.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).