skill-bus — agentic threat model

AIVSS 7.7 · High

skill-bus acts as an orchestration middleware for declarative skill composition and context injection, presenting risks of malicious skill injection and unauthorized tool execution if the declarative configurations are tampered with.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 1.22 · Factor sum 3.5/10 · Threat ×1.0 · Mitigation ×1.0

Autonomy of Action: 0.30
Goal-Driven Planning: 0.40
Self-Modification: 0.20
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.60
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.50
Non-Determinism: 0.30
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — skill-bus is a meta-plugin for skill composition and does not specify or bundle a foundation model.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — skill-bus manages skill composition and context injection, but does not detail its own vector stores or data pipelines.

L3 · Agent Frameworks · ✓ mapped

skill-bus operates directly at this layer by enabling declarative skill composition and context/condition injection. The primary threats are insecure skill composition, malicious context injection, and the bypass of execution conditions within the orchestration framework.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — skill-bus is a zero-dependency meta-plugin, but its deployment environment (sandboxing, hosting) is not specified.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of built-in logging, evaluation, or guardrails for the skill composition.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — the listing does not mention authentication, authorization, or policy enforcement mechanisms for skill execution.

L7 · Agent Ecosystem · ✓ mapped

By enabling multi-skill composition and injection of skills into other skills, it facilitates a local ecosystem of tools/agents. Threats include cascading failures across composed skills and unauthorized skill-to-skill interactions.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).