Nutrish.ai — agentic threat model
Nutrish.ai presents a moderate risk profile due to its handling of sensitive personal health and dietary data combined with a direct conversational channel (WhatsApp). The primary risks involve prompt injection leading to harmful dietary advice and potential exposure of user PII/PHI.
OWASP AIVSS score rationale
| Agentic risk factor | Score |
| --- | --- |
| Autonomy of Action | 0.40 |
| Goal-Driven Planning | 0.30 |
| Self-Modification | 0.00 |
| Dynamic Tool Use | 0.20 |
| Persistent Memory | 0.60 |
| Contextual Awareness | 0.50 |
| Dynamic Identity | 0.00 |
| Multi-Agent Interactions | 0.00 |
| Non-Determinism | 0.50 |
| Opacity & Reflexivity | 0.40 |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent, in MAESTRO layer order. Layers tagged "Not certain from the listing" are general, caveated commentary where the public description did not pin that layer down.
- Layer 1, Foundation Models: Not certain from the listing — likely uses commercial LLMs to generate conversational responses and meal plans. Primary threats include prompt injection that bypasses safety guardrails and leads the model to generate harmful or contraindicated dietary advice.
- Layer 2, Data Operations: Not certain from the listing — stores user profile data, dietary restrictions, and preferences to customize plans. Threats include unauthorized access to, or exfiltration of, sensitive personal health information (PHI) and dietary preferences.
- Layer 3, Agent Frameworks: Not certain from the listing — relies on an orchestration framework to manage user state, weekly check-ins, and WhatsApp message routing. Threats include session hijacking or state-tracking flaws that could mix up user profiles.
- Layer 4, Deployment and Infrastructure: Not certain from the listing — hosted on cloud infrastructure and integrated with the WhatsApp Business API. Threats include exposure of WhatsApp API credentials and insecure webhook endpoints that could allow unauthorized message injection.
- Layer 5, Evaluation and Observability: Not certain from the listing — requires strict guardrails to detect and block medical advice that exceeds the scope of a general nutrition assistant. Threats include a lack of automated monitoring for unsafe health recommendations.
- Layer 6, Security and Compliance: Not certain from the listing — handling health-related data requires alignment with privacy standards (such as GDPR or HIPAA). Threats include inadequate access controls on user health profiles and the lack of a clear data deletion mechanism.
- Layer 7, Agent Ecosystem: The listing does not indicate any multi-agent or marketplace interactions; the agent operates as a standalone service interacting directly with users via WhatsApp.
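The insecure-webhook threat noted above for the WhatsApp Business API integration has a standard mitigation: verify Meta's X-Hub-Signature-256 header (HMAC-SHA256 of the raw request body keyed with the app secret) before any inbound text reaches the agent. This is an added example, not Nutrish.ai code; the app secret, verify token and the inbound payload are constructed for the demonstration.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed secrets for this example only; a real deployment loads them from
# a secrets store, never from source code or a chat transcript.
APP_SECRET = "example-app-secret-not-real"
VERIFY_TOKEN = "example-verify-token-not-real"

# Constructed inbound payload in the shape the WhatsApp Cloud API delivers.
SAMPLE_BODY = json.dumps({"object": "whatsapp_business_account", "entry": [{"changes": [
    {"field": "messages", "value": {"messaging_product": "whatsapp", "messages": [
        {"from": "15550000000", "type": "text", "text": {"body": "Plan my week, no dairy"}}]}}]}]}).encode()


def sign(raw_body: bytes, app_secret: str = APP_SECRET) -> str:
    """Build the header value Meta sends: 'sha256=' + HMAC-SHA256(app_secret, raw body)."""
    return "sha256=" + hmac.new(app_secret.encode(), raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, header: Optional[str], app_secret: str = APP_SECRET) -> bool:
    """Validate X-Hub-Signature-256 over the raw bytes (not re-serialised JSON), in constant time."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(raw_body, app_secret).encode(), header.encode())


def handle_verification_get(params: dict, verify_token: str = VERIFY_TOKEN) -> Optional[str]:
    """Meta's one-time subscription handshake: echo hub.challenge only if the verify token matches."""
    if params.get("hub.mode") == "subscribe" and hmac.compare_digest(
            str(params.get("hub.verify_token", "")).encode(), verify_token.encode()):
        return params.get("hub.challenge")
    return None


def handle_webhook_post(raw_body: bytes, headers: dict):
    """Gate every delivery on the signature; returns (http_status, accepted text bodies)."""
    if not verify_signature(raw_body, headers.get("X-Hub-Signature-256")):
        return 403, []          # forged or unsigned delivery never reaches the agent
    payload = json.loads(raw_body)
    texts = [m["text"]["body"]
             for entry in payload.get("entry", [])
             for change in entry.get("changes", [])
             for m in change.get("value", {}).get("messages", [])
             if m.get("type") == "text"]
    return 200, texts


if __name__ == "__main__":
    print(handle_webhook_post(SAMPLE_BODY, {"X-Hub-Signature-256": sign(SAMPLE_BODY)}))
    print(handle_webhook_post(SAMPLE_BODY + b" ", {"X-Hub-Signature-256": sign(SAMPLE_BODY)}))
```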
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).