AgentReadyHome · Agent Listing


pdf-fill-studio — agentic threat model

AIVSS 6.9 · Medium

The pdf-fill-studio agent presents a moderate local risk profile; while it enforces a human-in-the-loop control by leaving signatures blank, its ability to execute bundled scripts and read/write local disk files introduces potential local file system compromise vectors.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.8
AARS uplift: 0.29
Factor sum: 1.3 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.85
Autonomy of Action: 0.30
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.40
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.20
Opacity & Reflexivity: 0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
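Substituting the figures listed above into the formula reproduces the badge score. This worked check is added here and uses only the numbers shown on this page; AARS is rounded to two decimals and the final score to one:

Factor_Sum = 0.30 + 0.10 + 0.00 + 0.40 + 0.00 + 0.20 + 0.00 + 0.00 + 0.20 + 0.10 = 1.30
AARS = (10 − 7.8) × (1.30 / 10) × 1.0 = 2.2 × 0.13 = 0.286 ≈ 0.29
AIVSS = (7.8 + 0.286) × 0.85 = 8.086 × 0.85 ≈ 6.87 ≈ 6.9 (Medium)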

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary for cases where the public description did not pin down that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — The description does not specify which foundation model drives the agent skill, or whether it relies on a local or a remote LLM for value placement.

L2 · Data Operations · ✓ mapped

Reads and writes PDF files directly on the local disk. This introduces risks of processing malicious PDFs (parser exploits) or unauthorized data exfiltration if sensitive local files are read and processed.

L3 · Agent Frameworks · ✓ mapped

Runs bundled scripts and a local editor to orchestrate PDF filling. Threat of insecure tool integration or command injection if the input values passed to the scripts are not properly sanitized.
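The two mitigations implied by the L2 and L3 entries (confining local file access to a working directory, and passing form values to a bundled script without a shell) can be shown in one defensive wrapper. The code below is an added illustration and is not pdf-fill-studio's own code; the script name `fill_pdf.py`, its `--in`/`--out`/`--set FIELD=VALUE` arguments, the `scripts/` directory and the signature field names are all assumptions made for the example.

```python
import re
import subprocess
from pathlib import Path

# Accepted form-field names (assumed shape); anything else is refused.
FIELD_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]{0,63}$")
# Hypothetical signature field names: the agent never fills these, which
# preserves the human-in-the-loop boundary described in the listing.
SIGNATURE_FIELDS = {"signature", "sign_here", "signed_by"}


def confine_path(user_path, workspace):
    """Resolve user_path and require it to stay inside workspace.

    Blocks '../' escapes, absolute paths and symlinks that point outside the
    directory, so a malicious or prompt-injected PDF cannot steer the agent
    into reading or overwriting arbitrary local files (the L2 risk).
    """
    ws = Path(workspace).resolve()
    target = (ws / user_path).resolve()
    if target != ws and ws not in target.parents:
        raise ValueError(f"path escapes workspace: {user_path!r}")
    if target.suffix.lower() != ".pdf":
        raise ValueError(f"not a PDF: {user_path!r}")
    return target


def validate_fields(values):
    """Turn {field: value} into argv tokens, rejecting unsafe entries.

    Each value becomes its own argv element and is never interpreted by a
    shell, which removes the command-injection vector from the L3 entry.
    """
    args = []
    for name, value in values.items():
        if not FIELD_NAME_RE.match(name):
            raise ValueError(f"bad field name: {name!r}")
        if name.lower() in SIGNATURE_FIELDS:
            raise ValueError(f"refusing to fill signature field: {name!r}")
        value = str(value)
        if any(ch in value for ch in ("\x00", "\n", "\r")):
            raise ValueError(f"control characters in value for {name!r}")
        args += ["--set", f"{name}={value}"]
    return args


def build_command(pdf, out, values, workspace):
    """Assemble the argv list for the hypothetical bundled script."""
    src = confine_path(pdf, workspace)
    dst = confine_path(out, workspace)
    script = Path(workspace).resolve() / "scripts" / "fill_pdf.py"
    return ["python", str(script), "--in", str(src), "--out", str(dst)] \
        + validate_fields(values)


def rejection_reason(pdf, out, values, workspace):
    """Return None if the request is acceptable, else the reason it is not."""
    try:
        build_command(pdf, out, values, workspace)
    except ValueError as exc:
        return str(exc)
    return None


def run_fill(pdf, out, values, workspace):
    """Run the bundled script with shell=False (the default) and a list argv:
    the script receives every token verbatim; no shell parses the values."""
    cmd = build_command(pdf, out, values, workspace)
    return subprocess.run(cmd, check=True, capture_output=True, timeout=60)


if __name__ == "__main__":
    # Constructed sample request: a value containing shell metacharacters is
    # passed through untouched as a single argument instead of being executed.
    print(build_command("form.pdf", "out/filled.pdf",
                        {"name": "Ada; echo injected"}, "/tmp/pdf-ws"))
    print(rejection_reason("../secrets.pdf", "filled.pdf", {}, "/tmp/pdf-ws"))
```

The argv list is the whole point: `subprocess.run` with a list and the default `shell=False` hands `name=Ada; echo injected` to the script as one argument, whereas building a command string and running it through a shell would execute the second half. The path confinement check resolves symlinks before comparing, so a link planted inside the workspace cannot point the agent back out of it.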

L4 · Deployment & Infrastructure · ✓ mapped

Runs locally on the user's machine. Threat of local host compromise or privilege escalation if the bundled browser editor or local execution environment contains unpatched vulnerabilities.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — No built-in logging, guardrails, or evaluation mechanisms are mentioned for monitoring the PDF filling accuracy or detecting anomalous file access.

L6 · Security & Compliance (cross-cutting) · ✓ mapped

Enforces a clear security boundary by explicitly leaving the signature field blank for the user, ensuring human-in-the-loop authorization. However, it lacks formal access controls or audit logging for local file operations.

L7 · Agent Ecosystem · ⚠ not certain from listing

Not certain from the listing — No multi-agent or marketplace interactions are described, as it operates as a standalone local skill.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).