AgentReadyHome · Agent Listing


nAIdem — agentic threat model

AIVSS 6.0 · Medium

nAIdem is a low-to-medium risk research assistant. Its primary threat vector is indirect prompt injection from untrusted web pages scraped during search, which can yield manipulated summaries or turn the scraper into a server-side request forgery (SSRF) vector.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM. ThM is the threat multiplier, and Factor_Sum is the sum of the ten agentic risk factors below, each scored from 0 to 1, which is why it is reported out of 10.
CVSS base: 4.8
AARS uplift: 1.25
Factor sum: 2.4 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.30
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.10
Contextual Awareness: 0.40
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); the agentic risk factors are estimates based on the agent's described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary because the public description does not give enough detail to pin that layer down.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing: the underlying LLM is not specified. Whatever model is used is exposed to the standard foundation-model threats, above all indirect prompt injection via scraped web content, which can steer the agent into producing biased or attacker-chosen summaries.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing: the agent performs real-time web scraping and retrieval-augmented generation (RAG). This brings risks of data poisoning from malicious pages, embedding inversion if retrieved content is stored as vectors, and exfiltration of user queries if injected instructions make the agent fetch attacker-controlled URLs that carry the query in their path or parameters.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing: the orchestration framework is proprietary. Risks include insecure tool integration (the web scraper is a tool the model drives with attacker-influenced arguments) and SSRF if the scraper can be coerced into requesting internal endpoints such as a cloud metadata service or other non-public addresses; code execution is a concern only if fetched content is rendered or executed rather than handled as text.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing: hosting and sandboxing details are undisclosed. If the fetching component is not network-isolated from the hosting environment, it can be used for SSRF against that environment, or abused as an open proxy whose rotating egress addresses mask an attacker's traffic.
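The SSRF exposure raised under L3 and L4 comes down to one control: the scraper must refuse to connect to non-public addresses, and the decision has to be made on the resolved address, not on the URL string. The following is an added example of such an egress gate (Python; not nAIdem's code, whose scraper is undisclosed). The hostnames and records in CONSTRUCTED_DNS are made up for the demo, and 93.184.216.34 is used only as an arbitrary public address. Because every decision is logged, the gate also records which sources the agent tried to reach, which is part of the L5 observability gap.

```python
"""Egress gate for an agent's web-fetch tool, rejecting SSRF targets before
any connection is made. Added example: nAIdem's scraper is undisclosed, so
this is not its code. The records in CONSTRUCTED_DNS are made up for the demo.
"""
from __future__ import annotations

import ipaddress
import logging
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

log = logging.getLogger("agent.egress")
Resolver = Callable[[str], Iterable[str]]


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer; the gate must pass on all of them, not just one."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def address_is_public(addr: str) -> bool:
    """True only for globally routable unicast addresses (no RFC 1918,
    loopback, link-local/metadata, CGNAT, TEST-NET or ULA ranges)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return ip.is_global and not ip.is_multicast


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _decide(url: str, resolver: Resolver) -> tuple[bool, str, list[str]]:
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False, "malformed URL", []
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    if parts.username or parts.password:
        return False, "credentials in URL", []
    try:
        # Literals are checked directly; names go through the resolver so that
        # tricks like decimal or hex hosts are judged by what they resolve to.
        addrs = [host] if _is_ip_literal(host) else list(resolver(host))
    except OSError as exc:  # socket.gaierror is an OSError
        return False, f"resolution failed: {exc}", []
    if not addrs:
        return False, "no addresses", []
    bad = [a for a in addrs if not address_is_public(a)]
    if bad:
        return False, "non-public address(es): " + ", ".join(bad), addrs
    return True, "ok", addrs


def check_fetch_target(url: str, resolver: Resolver = system_resolver
                       ) -> tuple[bool, str, list[str]]:
    """Return (allowed, reason, resolved_addresses) and log the decision.

    Connect to one of the returned addresses (sending the original hostname
    for Host/SNI) instead of resolving again: a second lookup lets a
    DNS-rebinding attacker swap in an internal address after the check.
    """
    verdict = _decide(url, resolver)
    log.info("egress %s url=%s reason=%s addrs=%s",
             "ALLOW" if verdict[0] else "DENY", url, verdict[1], verdict[2])
    return verdict


CONSTRUCTED_DNS = {  # constructed demo records, not real DNS
    "public.example": ["93.184.216.34"],
    "metadata.example": ["169.254.169.254"],
    "dual.example": ["93.184.216.34", "10.0.0.5"],  # one public, one internal
}


def constructed_resolver(host: str) -> list[str]:
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed resolver: unknown host {host!r}")
    return CONSTRUCTED_DNS[host]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    for url in ("https://public.example/search?q=x",
                "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:10.0.0.5]/",
                "https://dual.example/",
                "file:///etc/passwd",
                "http://user:pw@public.example/"):
        check_fetch_target(url, constructed_resolver)
```

Two caveats when wiring this in: the HTTP client must not follow redirects on its own, since each hop is a new target that has to pass the gate, and it must connect to the address the gate returned rather than re-resolving the name, or the check can be raced by a short-TTL record that flips to an internal address.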

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing: no monitoring, logging, or guardrails are mentioned. The risk is blind spots: no record of which sources the agent fetched, and no evidence of how, or whether, malicious or toxic content is filtered before it reaches the model.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing: no compliance certifications (e.g., SOC 2, ISO) and no explicit user authentication or authorization policies are described for this free, closed-source tool.

L7 · Agent Ecosystem · ✓ mapped

The listing mentions 'AI agents' that scan and analyze sources in parallel. This multi-agent coordination introduces the risk of cascading failures, or of trust abuse, if one sub-agent is compromised by a malicious source and the others accept its output without verification.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).