OneSky — agentic threat model

AIVSS 7.9 · High

OneSky presents a high-risk profile primarily due to its deep integration with sensitive environments like codebase management systems and app stores. While the inclusion of human reviewers mitigates translation errors, a compromise of its multi-agent orchestration could lead to severe supply chain attacks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.85 · Factor sum 5.4/10 · Threat ×1.05 · Mitigation ×0.85

Autonomy of Action: 0.60
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.50
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.80
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Leverages multiple LLMs for translations. Primary threats include adversarial prompt injection that could manipulate translation outputs or cause the model to leak sensitive source code context extracted during the localization process.

L2 · Data Operations · ✓ mapped

Extracts strings directly from source code and websites. Risks include data exfiltration of proprietary code, and data poisoning of translation memories or glossaries which could systematically corrupt future localizations.

L3 · Agent Frameworks · ✓ mapped

Orchestrates localization workflows using 'AI teammates'. Insecure tool integration is a critical threat here, as the framework connects directly to code repositories and app stores, creating a vector for unauthorized write operations.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — OneSky is a closed-source SaaS platform. Infrastructure risks likely center on the secure storage and isolation of sensitive API keys, OAuth tokens, and credentials used to access client codebases and app store developer consoles.

L5 · Evaluation & Observability · ✓ mapped

Features post-editing by human reviewers, which serves as a strong quality guardrail. However, there is no mention of automated security observability or guardrails to detect malicious code injection disguised as localization strings.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — no specific compliance certifications (e.g., SOC 2, ISO 27001) or enterprise security policies are detailed in the public directory listing.

L7 · Agent Ecosystem · ✓ mapped

Utilizes a multi-agent L10N system. Threats include agent-to-agent trust abuse, where a compromised translation agent could trick the string-writing agent into committing malicious payloads back into the customer's codebase.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).