
Sistava — agentic threat model

AIVSS 8.0 · High

Sistava presents an exceptionally high-risk profile due to its 'full computer use' capabilities (terminal execution, screen vision, and browser automation) operating directly on the user's OS via active sessions, though mitigated slightly by human-in-the-loop approvals for sensitive steps.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 9.8 · AARS uplift 0.17 · Factor sum 7.8/10 · Threat ×1.1 · Mitigation ×0.8
Autonomy of Action: 0.80
Goal-Driven Planning: 0.90
Self-Modification: 0.30
Dynamic Tool Use: 1.00
Persistent Memory: 0.80
Contextual Awareness: 0.90
Dynamic Identity: 0.80
Multi-Agent Interactions: 0.90
Non-Determinism: 0.70
Opacity & Reflexivity: 0.70

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
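To make the score reproducible, here is an added worked example (not code from AgentReady or the AIVSS calculator) that applies the formula above to the ten factor scores listed for Sistava. The severity bands are an assumption (CVSS v3-style ranges); the formula, base score, multipliers and factor values are the ones on this page.

```python
# Added worked example: reproduce the OWASP AIVSS score shown for Sistava
# from the formula and per-factor scores given on the listing.
# Severity bands are an assumption (CVSS v3.x-style ranges).

# The ten agentic risk factors as listed on the page, each scored 0.0..1.0.
SISTAVA_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.90,
    "Self-Modification": 0.30,
    "Dynamic Tool Use": 1.00,
    "Persistent Memory": 0.80,
    "Contextual Awareness": 0.90,
    "Dynamic Identity": 0.80,
    "Multi-Agent Interactions": 0.90,
    "Non-Determinism": 0.70,
    "Opacity & Reflexivity": 0.70,
}


def aivss(cvss_base, factors, threat_multiplier, mitigation_factor):
    """Return (factor_sum, aars, aivss) per the formula on the page.

    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor

    The agentic uplift can only fill the headroom between CVSS_Base and 10,
    so a 9.8 base leaves almost no room for AARS; the mitigation factor then
    scales the combined score down (here 9.97 -> 8.0).
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10 or any(not 0.0 <= v <= 1.0 for v in factors.values()):
        raise ValueError("expected ten factors, each scored in [0, 1]")
    factor_sum = sum(factors.values())
    aars = (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier
    score = min(10.0, (cvss_base + aars) * mitigation_factor)
    return round(factor_sum, 2), round(aars, 2), round(score, 1)


def severity(score):
    """Assumed CVSS v3-style bands; the page labels 8.0 as 'High'."""
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


if __name__ == "__main__":
    fs, uplift, score = aivss(9.8, SISTAVA_FACTORS, 1.1, 0.8)
    print(f"factor sum {fs}/10, AARS uplift {uplift}, AIVSS {score} · {severity(score)}")
```

Rerunning with a lower CVSS base (for example 5.0) shows the opposite regime, where the agentic factors contribute a multi-point uplift instead of a rounding-level one.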

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ✓ mapped

Powered by frontier models from OpenAI, Anthropic, and Google. Primary threats include prompt injection and jailbreaks that could bypass safety filters to execute unauthorized OS-level commands.

L2 · Data Operations ✓ mapped

Utilizes knowledge-graph memory and has direct file access. Threats include knowledge-base poisoning and unauthorized exfiltration of sensitive files accessed during execution.

L3 · Agent Frameworks ✓ mapped

Orchestrates complex workflows using durable execution and MCP. Vulnerable to tool-use exploitation where malicious inputs manipulate terminal execution, browser automation, or screen vision actions.

L4 · Deployment & Infrastructure ✓ mapped

Executes directly on the user's own OS using existing logged-in sessions. This creates extreme risk of host compromise, privilege escalation, and session hijacking if the agent is compromised.

L5 · Evaluation & Observability ✓ mapped

Features layered guardrails and full observability. However, complex multi-step planning or adversarial screen-vision inputs could exploit blind spots in the guardrail logic.

L6 · Security & Compliance (cross-cutting) ✓ mapped

Implements auditability and human-in-the-loop (HITL) approvals for sensitive steps. Threats include authorization bypass, approval fatigue, or social engineering of the human approver.

L7 · Agent Ecosystem ✓ mapped

Supports multi-agent orchestration and Agent-to-Agent (A2A) communication. Threats include A2A trust abuse, where a compromised specialized agent (e.g., Support) compromises another (e.g., Finance).

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).