MinutesLink — agentic threat model
MinutesLink presents a high agentic risk profile due to its autonomous ability to join private meetings, record sensitive conversations, and train personalized avatars that can act and converse on behalf of users, creating significant data privacy and impersonation vectors.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.80 |
| Goal-Driven Planning | 0.60 |
| Self-Modification | 0.30 |
| Dynamic Tool Use | 0.60 |
| Persistent Memory | 0.80 |
| Contextual Awareness | 0.70 |
| Dynamic Identity | 0.50 |
| Multi-Agent Interactions | 0.20 |
| Non-Determinism | 0.60 |
| Opacity & Reflexivity | 0.70 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1, Foundation Models: Not certain from the listing — likely utilizes third-party speech-to-text and LLMs for transcription, summarization, and avatar generation. Key threats include prompt injection via meeting audio/chat and model reprogramming during avatar interaction.
Layer 2, Data Operations: High risk. The agent ingests, processes, and stores highly sensitive meeting audio, transcripts, and user interaction history over time to train personalized avatars. This creates a high-value target for data exfiltration, unauthorized access, and training data poisoning.
Layer 3, Agent Frameworks: The agent orchestrates calendar monitoring, autonomous meeting joining, audio recording, and avatar task execution. Vulnerabilities include insecure tool integration with Google Workspace APIs and unauthorized task execution by the trained avatars.
Layer 4, Deployment and Infrastructure: Not certain from the listing — requires infrastructure to host the bot that joins calls, process real-time audio streams, and store recordings. Threats include container compromise, unauthorized access to cloud storage buckets containing raw audio, and insecure API endpoints.
Layer 5, Evaluation and Observability: Not certain from the listing — requires robust guardrails and observability to monitor avatar conversations and prevent them from generating harmful, hallucinated, or unauthorized statements when representing the user.
Layer 6, Security and Compliance: Critical compliance and security layer. The agent must handle OAuth permissions for Google Calendar/Meet securely, comply with regional wiretapping/recording consent laws, and enforce strict access controls to prevent unauthorized sharing of meeting minutes.
Layer 7, Agent Ecosystem: The deployment of personalized avatars to 'engage in conversations' and 'monetize expertise' introduces severe identity and trust risks, including avatar hijacking, social engineering of external parties, and unauthorized representation of the user.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).