AgentReadyHome · Agent Listing


skill-seekers — agentic threat model

AIVSS 8.6 · High

The agentic risk posture of skill-seekers is dominated by two things: a real file-writing surface, and the ingestion of untrusted external data (web scraping, GitHub repositories, PDFs). Together these create a significant risk of indirect prompt injection leading to arbitrary file writes or local system compromise.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8
AARS uplift: 0.77
Factor sum: 3.5 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each weighted 0.0 to 1.0):
Autonomy of Action: 0.40
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.10
Contextual Awareness: 0.50
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.20
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (see the OWASP AIVSS calculator); the agentic risk factors are estimates from the agent's described capabilities, not measurements, so the score moves if those estimates move.
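To make the scorecard reproducible, here is the formula carried through in code. This is an added example, not code from skill-seekers or from the OWASP AIVSS project: the factor weights are the ones listed above, while the function names, the clamp to 10.0 and the severity bands (CVSS v3 qualitative bands, which agree with the page calling 8.6 High) are assumptions made for this example.

```python
"""Worked OWASP AIVSS computation for the skill-seekers scorecard.

Added example, not code from skill-seekers or the OWASP AIVSS project.
Factor weights are the ones listed on the page; the function names, the
clamp to 10.0 and the severity bands are assumptions for this example.
"""

# The ten agentic risk factors as listed on the page, each weighted 0.0 to 1.0.
SKILL_SEEKERS_FACTORS = {
    "Autonomy of Action": 0.40,
    "Goal-Driven Planning": 0.50,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.10,
    "Contextual Awareness": 0.50,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.20,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}


def aars(cvss_base: float, factors: dict, threat_multiplier: float = 1.0) -> float:
    """AARS = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM.

    The uplift is bounded by the headroom left above the CVSS base score,
    so a 10.0 CVSS base receives no agentic uplift at all.
    """
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    if len(factors) != 10 or any(not 0.0 <= w <= 1.0 for w in factors.values()):
        raise ValueError("expected ten factors, each weighted in [0, 1]")
    factor_sum = sum(factors.values())
    return (10.0 - cvss_base) * (factor_sum / 10.0) * threat_multiplier


def aivss(cvss_base: float, factors: dict,
          threat_multiplier: float = 1.0, mitigation_factor: float = 1.0) -> float:
    """AIVSS = (CVSS_Base + AARS) * Mitigation_Factor, rounded to one decimal.

    Clamped to [0, 10] (assumption: a threat multiplier above 1.0 must not
    push the composite past the scale).
    """
    uplift = aars(cvss_base, factors, threat_multiplier)
    score = (cvss_base + uplift) * mitigation_factor
    return round(min(max(score, 0.0), 10.0), 1)


def severity(score: float) -> str:
    """Qualitative band; assumes the CVSS v3 bands (None/Low/Medium/High/Critical)."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


if __name__ == "__main__":
    # Reproduces the page: AARS 0.77, AIVSS 8.6, High.
    base = 7.8
    print(f"AARS uplift: {aars(base, SKILL_SEEKERS_FACTORS):.2f}")
    score = aivss(base, SKILL_SEEKERS_FACTORS)
    print(f"AIVSS: {score} ({severity(score)})")
    # What-if (hypothetical, not a claim about the tool): a sandboxed deployment
    # credited with a 0.5 mitigation factor halves the composite, not just the uplift.
    print(f"with mitigation 0.5: {aivss(base, SKILL_SEEKERS_FACTORS, mitigation_factor=0.5)}")
```

Note that the mitigation factor multiplies the whole composite, so a mitigation credited in the calculator discounts the CVSS base as well as the agentic uplift; a reviewer should check that any mitigation claimed actually constrains the capabilities the factors were estimated from.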

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses Claude AI models to generate skills. Vulnerable to indirect prompt injection via malicious documentation, repositories, or PDFs, which could manipulate the generated skill output or hijack the generation process.

L2 · Data Operations · ✓ mapped

Ingests external data via web scrapers, GitHub repositories, and PDFs. Vulnerable to data poisoning where an attacker hosts malicious documentation specifically designed to corrupt the skill-generation pipeline.

L3 · Agent Frameworks · ✓ mapped

Orchestrates scrapers, conflict detectors, and file generators. Insecure tool integration could allow an attacker to exploit the scraper or conflict detection logic to execute unauthorized actions.

L4 · Deployment & Infrastructure · ✓ mapped

Features a 'real file-writing surface' that emits SKILL.md folders. If the tool runs unsandboxed, a compromised generation pipeline could write arbitrary files on the host (for example via a traversal in a generated skill name, or by overwriting a file the host later executes or sources), which is a direct path to local code execution. Running it in a container with the output directory as the only writable mount limits the blast radius.
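Since the listing describes the file-writing surface but not how it constrains paths, here is the containment check a reviewer would look for before running such a tool outside a sandbox. This is an added example, not skill-seekers' own code: the output layout (`<out_dir>/<skill_name>/SKILL.md`), the allowlist regex, the function names and the sample skill names are all assumptions constructed for the example.

```python
"""Containing a SKILL.md file-writing surface: an added example, not
skill-seekers' own code. Assumes a generator that takes a skill name
derived from untrusted scraped content and writes
<out_dir>/<skill_name>/SKILL.md; layout, names and samples are constructed.
"""
import os
import re
import tempfile
from pathlib import Path

# Hypothetical allowlist for generated names: lowercase alnum, dot, dash,
# underscore, first char alphanumeric, at most 64 chars. This alone rejects
# '/', '\\', '..', leading-dot names such as '.ssh' and NUL bytes.
SKILL_NAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class UnsafeSkillPath(ValueError):
    """Raised when a generated skill name would escape the output directory."""


def resolve_skill_dir(out_dir: str, skill_name: str) -> Path:
    """Return <out_dir>/<skill_name> only if it is exactly that path on disk.

    Two independent checks: the syntactic allowlist on the name, then a
    containment check on the fully resolved path, so a symlink planted
    earlier at <out_dir>/<skill_name> cannot redirect the write elsewhere.
    """
    if not SKILL_NAME_RE.fullmatch(skill_name):
        raise UnsafeSkillPath(f"rejected skill name: {skill_name!r}")
    root = Path(out_dir).resolve(strict=True)
    expected = root / skill_name
    if expected.resolve() != expected:
        raise UnsafeSkillPath(f"{skill_name!r} resolves outside {root}")
    return expected


def write_skill(out_dir: str, skill_name: str, body: str) -> Path:
    """Create <out_dir>/<skill_name>/SKILL.md without following a symlink at
    the file and without clobbering an existing file (O_EXCL)."""
    skill_dir = resolve_skill_dir(out_dir, skill_name)
    skill_dir.mkdir(mode=0o755, exist_ok=True)
    skill_md = skill_dir / "SKILL.md"
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(skill_md, flags, 0o644)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(body)
    return skill_md


def run_demo() -> dict:
    """Feed constructed names, some of the kind an injected document might
    smuggle into the pipeline, through write_skill against a scratch output
    directory. Returns {name: written?}."""
    results = {}
    with tempfile.TemporaryDirectory() as out_dir:
        # A symlink a hypothetical attacker planted earlier at a plausible
        # skill name, pointing outside the output directory.
        candidates = [
            "fastapi-routing",       # legitimate
            "../../.bashrc",         # traversal out of out_dir
            "/etc/cron.d/persist",   # absolute path
            ".ssh",                  # leading dot
            "skill\x00name",         # NUL byte
        ]
        try:
            os.symlink(tempfile.gettempdir(), os.path.join(out_dir, "react-hooks"))
            candidates.append("react-hooks")   # passes the regex, fails containment
        except (OSError, NotImplementedError):
            pass   # platform without symlink support: skip that case
        for name in candidates:
            try:
                write_skill(out_dir, name, "# constructed skill body\n")
                results[name] = True
            except UnsafeSkillPath:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, written in run_demo().items():
        print(f"{'WROTE   ' if written else 'REJECTED'} {name!r}")
```

There is still a window between the `resolve()` check and the `os.open` in which a local attacker could swap a directory for a symlink; `O_NOFOLLOW` and `O_EXCL` narrow it for the final component but do not close it, which is why the check complements rather than replaces running the tool in a sandbox.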

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of logging, evaluation guardrails, or anomaly detection to monitor the safety of the scraped content or the generated skills.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — as a free, open-source community tool, it likely lacks built-in enterprise compliance frameworks, access controls, or formal audit logging.

L7 · Agent Ecosystem · ✓ mapped

Generates skills intended for use by other Claude AI agents. This introduces a downstream supply chain risk: a compromised or malicious skill generated by this tool can be distributed and executed by other agents in the ecosystem, and those agents have no way to tell, from the SKILL.md alone, whether its instructions came from the intended documentation or from an injected source.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).