Rashed by Teammates.ai — agentic threat model
Rashed presents a high agentic risk profile due to its full autonomy in executing the end-to-end sales cycle and direct integration with CRMs without human-in-the-loop validation. This creates significant exposure to prompt injection, unauthorized financial commitments (e.g., rogue discounts), and customer data exfiltration.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 1.00 | |
| Goal-Driven Planning | 0.90 | |
| Self-Modification | 0.20 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.80 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.40 | |
| Multi-Agent Interactions | 0.30 | |
| Non-Determinism | 0.70 | |
| Opacity & Reflexivity | 0.60 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Layer 1 (Foundation Models): Not certain from the listing — likely relies on third-party frontier LLMs to handle multilingual negotiations. This exposes the agent to adversarial prompt injection where a lead could manipulate the model into offering unauthorized discounts or altering contract terms.
Layer 2 (Data Operations): Not certain from the listing — requires access to CRM data and customer interaction history. Gaps in data lineage or lack of encryption for cached negotiation states could lead to PII leaks or CRM data poisoning.
Layer 3 (Agent Frameworks): The agent framework orchestrates a complex multi-step sales pipeline (lead-to-close) and executes tool calls to update CRMs. Without strict schema validation, malicious inputs from external leads could trigger unauthorized CRM state changes or tool misuse.
Layer 4 (Deployment and Infrastructure): Not certain from the listing — hosted as a closed-source SaaS. Security depends entirely on the hosting infrastructure's isolation of tenant data and secure management of CRM API keys.
Layer 5 (Evaluation and Observability): Not certain from the listing — no mention of real-time guardrails, semantic monitoring, or transaction limits to detect and block anomalous negotiation behavior or abusive inputs before they reach the CRM.
Layer 6 (Security and Compliance): Not certain from the listing — compliance posture (such as GDPR for handling global customer PII across 50+ languages or SOC 2) is not stated, representing a potential compliance gap for enterprise deployment.
Layer 7 (Agent Ecosystem): Operates within a critical ecosystem connecting external communication channels (email/chat) directly to internal enterprise CRMs. A compromise of the agent allows lateral movement to manipulate customer databases or launch downstream phishing attacks against leads.
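One concrete shape the schema validation and transaction limits called for in the agent-framework and observability commentary above could take, as an added example that is not Teammates.ai's code: a policy gate that sits between the agent and the CRM, rejects tool calls that do not match a declared schema, hard-caps discounts, and escalates anything above an auto-approve threshold to a human reviewer. The tool names, field names and limit values are assumptions chosen for illustration.

```python
"""Policy gate for CRM-mutating tool calls issued by a sales agent.

Added example, not Teammates.ai code. Tool names, argument fields and
limits below are assumed values chosen to illustrate the control.
"""
from dataclasses import dataclass, field

# Assumed allow-list of CRM tools: tool name -> {argument: expected type}
TOOL_SCHEMAS = {
    "apply_discount": {"deal_id": str, "discount_pct": (int, float)},
    "update_contract_terms": {"deal_id": str, "payment_days": int},
}
AUTO_APPROVE_DISCOUNT_PCT = 10   # assumed: agent may grant up to 10% alone
HARD_CAP_DISCOUNT_PCT = 30       # assumed: anything above is refused outright
MAX_PAYMENT_DAYS = 60            # assumed: longest payment term in policy


@dataclass
class Decision:
    action: str                  # "allow", "escalate" (human review) or "deny"
    reasons: list = field(default_factory=list)


def evaluate_tool_call(call: dict) -> Decision:
    """Validate one proposed tool call and apply transaction limits."""
    name = call.get("tool")
    schema = TOOL_SCHEMAS.get(name)
    if schema is None:
        return Decision("deny", [f"unknown tool {name!r}"])
    args = call.get("args", {})
    # Reject unexpected or missing fields so injected extras never reach the CRM
    extra, missing = set(args) - set(schema), set(schema) - set(args)
    if extra or missing:
        return Decision("deny", [f"schema mismatch: extra={sorted(extra)} "
                                 f"missing={sorted(missing)}"])
    for key, typ in schema.items():
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(args[key], bool) or not isinstance(args[key], typ):
            return Decision("deny", [f"field {key!r} has wrong type"])
    if name == "apply_discount":
        pct = args["discount_pct"]
        if pct < 0 or pct > HARD_CAP_DISCOUNT_PCT:
            return Decision("deny", [f"discount {pct}% outside hard cap"])
        if pct > AUTO_APPROVE_DISCOUNT_PCT:
            return Decision("escalate", [f"discount {pct}% needs human approval"])
    if name == "update_contract_terms" and not 0 < args["payment_days"] <= MAX_PAYMENT_DAYS:
        return Decision("deny", ["payment terms outside policy"])
    return Decision("allow")
```

Every denial and escalation carries a reason string so the decision can be logged and reviewed, which is the observability signal the listing does not mention.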
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).