AgentReadyHomeAgent Listing

← Ourdia

Ourdia — agentic threat model

5.9AIVSS 5.9 · Medium

Ourdia presents a moderate risk profile primarily driven by its access to sensitive inbox data and the threat of indirect prompt injection via incoming emails, though its strict human-in-the-loop requirement for sending replies significantly mitigates unauthorized active operations.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5AARS uplift 0.91Factor sum 2.6/10Threat ×1.0Mitigation ×0.8
Autonomy of Action
0.30
Goal-Driven Planning
0.20
Self-Modification
0.00
Dynamic Tool Use
0.30
Persistent Memory
0.20
Contextual Awareness
0.50
Dynamic Identity
0.20
Multi-Agent Interactions
0.00
Non-Determinism
0.50
Opacity & Reflexivity
0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — likely utilizes commercial LLMs for drafting and categorization. The primary threat is indirect prompt injection, where malicious instructions embedded in incoming emails trick the model into generating exfiltration drafts or ignoring categorization rules.

L2 · Data Operations⚠ not certain from listing

Not certain from the listing — requires continuous ingestion of email content. Threats include data exfiltration of sensitive personal or business communications, and potential data poisoning if historical emails are used to fine-tune or guide the 'voice and tone' of the agent.

L3 · Agent Frameworks⚠ not certain from listing

Not certain from the listing — orchestrates email parsing and draft creation. Insecure tool integration is a key threat; if the email API integration lacks strict scoping, a compromise of the orchestration layer could allow direct sending of emails, bypassing the human-in-the-loop control.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — likely hosted as a cloud-based SaaS. The most critical threat at this layer is the insecure storage of user OAuth tokens (e.g., Gmail/Outlook API keys), which if compromised would grant attackers direct access to user inboxes.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — no details on monitoring or guardrails. Without robust observability, stealthy indirect prompt injection attacks or data leakage via drafted replies may go undetected by both the user and the platform.

L6 · Security & Compliance (cross-cutting)⚠ not certain from listing

Not certain from the listing — requires OAuth authentication. Compliance risks are high due to the processing of PII and sensitive business data contained within emails, necessitating strict alignment with GDPR/CCPA and robust access controls.

L7 · Agent Ecosystem⚠ not certain from listing

Not certain from the listing — operates as a standalone personal assistant. Ecosystem threats are minimal, though it could interact transitively with other automated email agents, potentially leading to infinite reply loops or cascading formatting errors.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).