AgentReadyHomeAgent ListingRuntimePricing

← Omago

Omago — agentic threat model

6.6AIVSS 6.6 · Medium

Omago presents a moderate agentic risk profile, primarily driven by its direct integration with customer-facing communication channels (WhatsApp, Telegram, Web) and its ability to write to a central lead/appointment database, balanced by human-in-the-loop takeover capabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.3AARS uplift 1.48Factor sum 3.8/10Threat ×1.05Mitigation ×0.85
Autonomy of Action
0.60
Goal-Driven Planning
0.40
Self-Modification
0.00
Dynamic Tool Use
0.50
Persistent Memory
0.30
Contextual Awareness
0.60
Dynamic Identity
0.10
Multi-Agent Interactions
0.10
Non-Determinism
0.70
Opacity & Reflexivity
0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — The specific underlying multilingual LLM is not disclosed. It is susceptible to prompt injection, language-based bypasses (especially in Cantonese/Mandarin), and model-reprogramming attacks via customer-facing chat inputs.

L2 · Data Operations✓ mapped

The agent ingests business-specific FAQs, hours, and uploaded documents to populate its knowledge base. This creates risks of indirect prompt injection via poisoned business documents or malicious customer inputs designed to exfiltrate proprietary business data.

L3 · Agent Frameworks✓ mapped

The framework orchestrates conversational state, lead capture, and appointment booking. Vulnerabilities include insecure tool integration with the booking system and potential database manipulation through injection attacks during the lead-capture flow.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The hosting environment (cloud vs. on-premise) and sandboxing of the execution environment are unspecified. Secrets for WhatsApp, Telegram, and calendar APIs must be securely managed to prevent credential theft.

L5 · Evaluation & Observability✓ mapped

The platform supports live monitoring, allowing human operators to watch conversations in real-time and take over. This provides a strong human-in-the-loop mitigation, though automated guardrails against toxic or hallucinated outputs are not detailed.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — Compliance with data privacy regulations (such as PDPO in Hong Kong) for storing customer contact details and chat histories is not explicitly detailed in the public directory listing.

L7 · Agent Ecosystem✓ mapped

The agent operates primarily as a single-agent customer service representative interacting with human users, presenting minimal multi-agent or marketplace cascading risks.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).

These scores are auto-generated from public information (the agent's own listing, docs, and repository) using the canonical OWASP AIVSS formula and the MAESTRO framework — an estimate for guidance, not a penetration test, audit, or certification. See the scoring methodology — every score is re-derived by the same automated method as an agent's public evidence changes.