
plugin-settings — agentic threat model

AIVSS 4.2 · Medium

This agent is a low-risk informational skill that documents configuration conventions; its primary risk lies in the potential for downstream plugins to insecurely parse the YAML/markdown files it describes.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 3.5 · AARS uplift 0.65 · Factor sum 1.0/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.00
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.20

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
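The score box above can be reproduced from the quoted formula. The following is an added example, not part of the listing or of the AIVSS calculator it references: it uses the listing's own inputs (CVSS base 3.5, the ten factor values, ThM 1.0, mitigation 1.0) and Decimal arithmetic so the 4.15 → 4.2 rounding is exact. The function names and the CVSS-style severity bands are my own assumptions.

```python
# Added example: recompute the listing's AIVSS score from the formula
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# Factor names and values are copied from the listing; function names and
# the severity bands below are assumptions, not part of the listing.
from decimal import Decimal, ROUND_HALF_UP

# Inputs exactly as displayed on the listing (kept as strings for exact Decimal).
CVSS_BASE = "3.5"
THREAT_MULTIPLIER = "1.0"   # ThM
MITIGATION_FACTOR = "1.0"

AGENTIC_FACTORS = {
    "Autonomy of Action": "0.10",
    "Goal-Driven Planning": "0.10",
    "Self-Modification": "0.00",
    "Dynamic Tool Use": "0.00",
    "Persistent Memory": "0.10",
    "Contextual Awareness": "0.20",
    "Dynamic Identity": "0.00",
    "Multi-Agent Interactions": "0.00",
    "Non-Determinism": "0.30",
    "Opacity & Reflexivity": "0.20",
}


def factor_sum(factors):
    """Sum of the ten agentic risk factors."""
    return sum(Decimal(v) for v in factors.values())


def aars(cvss_base, factors, threat_multiplier):
    """Agentic AI Risk Score: the headroom above the CVSS base, scaled by
    the factor sum (out of 10) and the threat multiplier."""
    headroom = Decimal("10") - Decimal(cvss_base)
    return headroom * (factor_sum(factors) / Decimal("10")) * Decimal(threat_multiplier)


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Final AIVSS, rounded half-up to one decimal as the listing displays it."""
    raw = (Decimal(cvss_base) + aars(cvss_base, factors, threat_multiplier)) \
        * Decimal(mitigation_factor)
    return raw.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def severity(score):
    """Qualitative band. Assumption: CVSS v3.x-style thresholds, which agree
    with the listing's 'Medium' label for 4.2."""
    score = Decimal(score)
    if score == 0:
        return "None"
    if score < Decimal("4.0"):
        return "Low"
    if score < Decimal("7.0"):
        return "Medium"
    if score < Decimal("9.0"):
        return "High"
    return "Critical"


def score_listing():
    """Recompute every number shown in the listing's score box."""
    uplift = aars(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER)
    final = aivss(CVSS_BASE, AGENTIC_FACTORS, THREAT_MULTIPLIER, MITIGATION_FACTOR)
    return {
        "factor_sum": float(factor_sum(AGENTIC_FACTORS)),
        "aars": float(uplift),
        "aivss": float(final),
        "severity": severity(final),
    }


if __name__ == "__main__":
    print(score_listing())
```

Worth noticing in the numbers: with a factor sum of only 1.0 out of 10, the agentic uplift is a tenth of the headroom above the CVSS base, so the score is dominated by the base vulnerability rating; raising Non-Determinism or Contextual Awareness moves the result far less than a change to the CVSS base would.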

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The underlying foundation model is not specified. Standard LLM risks apply, such as prompt injection leading to the generation of malicious or malformed configuration templates.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — While the skill documents a pattern for reading local YAML/markdown files, it does not ingest or manage a knowledge base itself. The primary data risk is the potential for untrusted local configuration files to contain malicious payloads.

L3 · Agent Frameworks (⚠ not certain from listing)

Not certain from the listing — The orchestration framework is not detailed. However, the pattern of reading `.local.md` files at runtime could lead to path traversal or insecure file parsing if the implementing framework does not properly sanitize file paths and YAML content.
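The L2 and L3 concerns above (untrusted local files, path traversal, insecure YAML parsing of `.local.md` files) are the kind a consuming plugin can close at its file-loading boundary. The following is an added example, not code from the plugin-settings skill or any plugin: a loader that confines reads to the `.claude/` directory after symlink resolution, caps file size, and reads front matter as flat key/value text instead of handing it to a full YAML loader. All names, the size limit and the sample files are my own constructions.

```python
# Added example (not from the plugin-settings skill): a defensive loader for
# `.local.md` configuration files. Names, the size cap and the constructed
# sample files are assumptions for illustration.
import tempfile
from pathlib import Path

MAX_BYTES = 64 * 1024  # assumption: a config file above this is treated as suspect


def resolve_within(root, requested):
    """Resolve `requested` against `root` and refuse anything landing outside it.
    Symlinks and `..` are resolved first, so a link planted inside `.claude/`
    that points elsewhere is rejected just like a traversal string."""
    root = Path(root).resolve()
    candidate = (root / requested).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"{requested!r} resolves outside {root}")
    return candidate


def parse_front_matter(text):
    """Read a leading `---` block as flat `key: value` pairs.
    Deliberately not a YAML loader: no tags, anchors or object construction,
    so untrusted content can only ever become strings."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        return {}, text
    meta = {}
    for i, line in enumerate(lines[1:], start=1):
        if line.strip() == "---":
            return meta, "\n".join(lines[i + 1:])
        if ":" in line:
            key, _, value = line.partition(":")
            meta[key.strip()] = value.strip()
    raise ValueError("unterminated front matter")


def read_local_md(claude_dir, name):
    """Load one `.local.md` file from `claude_dir` with suffix, path and size checks."""
    if not name.endswith(".local.md"):
        raise ValueError(f"{name!r} is not a .local.md file")
    path = resolve_within(claude_dir, name)
    if not path.is_file():
        raise FileNotFoundError(name)
    if path.stat().st_size > MAX_BYTES:
        raise ValueError(f"{name!r} exceeds {MAX_BYTES} bytes")
    return parse_front_matter(path.read_text(encoding="utf-8"))


def demo():
    """Constructed scenario: one legitimate file plus three escape attempts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        claude_dir = Path(tmp) / "project" / ".claude"
        claude_dir.mkdir(parents=True)
        (claude_dir / "settings.local.md").write_text(
            "---\nmodel: example-model\ntrace: on\n---\nLocal notes.\n", encoding="utf-8"
        )
        outside = Path(tmp) / "outside.local.md"  # constructed file outside .claude/
        outside.write_text("must stay unreachable\n", encoding="utf-8")

        results["inside"] = read_local_md(claude_dir, "settings.local.md")

        attempts = {"traversal": "../../outside.local.md", "absolute": str(outside)}
        try:
            (claude_dir / "link.local.md").symlink_to(outside)
            attempts["symlink"] = "link.local.md"
        except OSError:
            results["symlink"] = "skipped"  # platform without symlink support

        for label, name in attempts.items():
            try:
                read_local_md(claude_dir, name)
                results[label] = "ALLOWED"
            except PermissionError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the path is resolved before any read, so a symlink inside the directory is judged by where it points, not by where it sits; and the size cap is applied before `read_text`, so an oversized file never reaches the parser.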

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — No deployment infrastructure is described. Since it operates on local project files, it likely runs within the user's local environment (e.g., IDE or desktop client) and inherits its local security posture.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of logging, evaluation, or guardrails to detect if the configuration files being documented or parsed contain malicious inputs.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — No authentication or authorization mechanisms are specified. Security relies entirely on the host operating system's file permissions to restrict access to the `.claude/` directory.

L7 · Agent Ecosystem (⚠ not certain from listing)

Not certain from the listing — Although it is part of the `plugin-dev` ecosystem, no active multi-agent coordination is described; other plugins may, however, consume the configuration files generated under this convention.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).