AgentReadyHomeAgent Listing

← My Relationship AI

My Relationship AI — agentic threat model

5.2AIVSS 5.2 · Medium

My Relationship AI is a low-autonomy advisory tool with minimal agentic risk, primarily posing privacy and data exposure risks due to the sensitive personal relationship data it processes.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.3AARS uplift 0.87Factor sum 1.6/10Threat ×0.95Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.10
Self-Modification
0.00
Dynamic Tool Use
0.00
Persistent Memory
0.20
Contextual Awareness
0.40
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely relies on a standard commercial or open-source LLM prompted for psychological advice. The primary threat is prompt injection leading to harmful, manipulative, or toxic relationship guidance.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — claims to leverage 'millions of research studies' which suggests a RAG pipeline or a curated knowledge base. Threats include knowledge-base poisoning or unauthorized extraction of the underlying research data and user-submitted relationship profiles.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — likely uses a basic orchestration framework to inject user profile parameters (relationship stage, living status) into the prompt context. There is minimal risk of tool misuse as no external execution tools are described.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — as an open-source and freemium tool, deployment security depends entirely on the hosting environment. Standard web application vulnerabilities (OWASP Top 10) apply to the hosting infrastructure.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no guardrails, content moderation, or observability logging are mentioned to monitor the safety and appropriateness of the generated relationship advice.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — handles highly sensitive personal and psychological data but does not mention compliance with privacy frameworks (e.g., GDPR) or data encryption standards.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a standalone conversational avatar with no indicated multi-agent coordination or marketplace integrations, minimizing ecosystem-level threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).