
PerfectBot — agentic threat model

AIVSS 7.7 · High

PerfectBot is a customer service AI agent integrated with Gorgias and Shopify, presenting moderate-to-high risk due to its direct access to sensitive e-commerce customer data (PII) and its ability to execute transactional actions on Shopify.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 7.5 · AARS uplift 1.1 · Factor sum 4.4/10 · Threat ×1.0 · Mitigation ×0.9

Autonomy of Action: 0.70
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.40
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models [⚠ not certain from listing]

Not certain from the listing — The specific foundation models powering PerfectBot are not disclosed. Threats include prompt injection leading to unauthorized system instructions or bypass of safety guardrails during customer interactions.

L2 · Data Operations [✓ mapped]

PerfectBot ingests 'multiple knowledge sources' and connects to 'Shopify Data'. This introduces risks of knowledge-base poisoning (injecting malicious instructions into FAQs) and unauthorized exfiltration of customer PII or order history via prompt injection.

L3 · Agent Frameworks [✓ mapped]

The agent executes 'AI actions' on Shopify and manages 'smart handover scenarios' in Gorgias. Insecure tool integration or flawed orchestration could allow attackers to manipulate API calls to modify orders, trigger unauthorized refunds, or spam human agents.

L4 · Deployment & Infrastructure [⚠ not certain from listing]

Not certain from the listing — The hosting infrastructure, network isolation, and API credential storage mechanisms for Gorgias and Shopify integrations are not detailed.

L5 · Evaluation & Observability [⚠ not certain from listing]

The listing mentions 'easy improvement' but lacks details on automated guardrails, drift detection, or real-time monitoring of LLM outputs to prevent toxic or inaccurate responses to customers.

L6 · Security & Compliance (cross-cutting) [⚠ not certain from listing]

Not certain from the listing — While operating in highly regulated e-commerce environments (handling PII and transaction data), specific compliance certifications (e.g., SOC 2, GDPR, PCI-DSS) are not explicitly detailed in the directory listing.

L7 · Agent Ecosystem [✓ mapped]

PerfectBot operates within a multi-platform ecosystem (Gorgias, Shopify, and email/chat channels). Risks include cascading failures if the Shopify API experiences downtime or if malicious inputs from external users compromise the Gorgias ticketing workflow.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).