
Sourcegraph — agentic threat model

AIVSS 8.7 · High

The Sourcegraph plugin grants Claude Code deep read access across multiple repositories, presenting a high confidentiality risk if compromised, as it can expose proprietary codebases and sensitive configuration files through automated search and analysis.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor
AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 7.5
AARS uplift: 1.18
Factor sum: 4.7/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each weighted 0.0 to 1.0):

Autonomy of Action: 0.50
Goal-Driven Planning: 0.70
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.80
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.40
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
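As an added worked example (not from the listing page or from the OWASP AIVSS project), the score above carried through in Python: the ten factor weights from the table are summed, the AARS uplift and the final AIVSS are computed with the formula stated above, and the results are rounded half-up to the precision the page shows. Decimal is used so that 2.5 × 0.47 = 1.175 is held exactly rather than as a binary float. The severity bands are an assumption: they follow the CVSS v3.x qualitative scale, which agrees with the page calling 8.7 "High".

```python
from decimal import Decimal, ROUND_HALF_UP

# Agentic risk factor weights for this listing, copied from the page's table (0.0 .. 1.0 each).
SOURCEGRAPH_FACTORS = {
    "Autonomy of Action": "0.50",
    "Goal-Driven Planning": "0.70",
    "Self-Modification": "0.10",
    "Dynamic Tool Use": "0.80",
    "Persistent Memory": "0.20",
    "Contextual Awareness": "0.80",
    "Dynamic Identity": "0.20",
    "Multi-Agent Interactions": "0.40",
    "Non-Determinism": "0.50",
    "Opacity & Reflexivity": "0.50",
}


def severity(score: Decimal) -> str:
    """Qualitative band. Assumption: the CVSS v3.x scale (9.0+ Critical, 7.0+ High, 4.0+ Medium)."""
    if score >= 9:
        return "Critical"
    if score >= 7:
        return "High"
    if score >= 4:
        return "Medium"
    if score > 0:
        return "Low"
    return "None"


def half_up(value: Decimal, quantum: str) -> Decimal:
    """Round half-up to the given quantum ("0.1" or "0.01"), matching how the page displays figures."""
    return value.quantize(Decimal(quantum), rounding=ROUND_HALF_UP)


def aivss(cvss_base, factors, threat_multiplier="1.0", mitigation_factor="1.0"):
    """Compute AIVSS = (CVSS_Base + AARS) x Mitigation_Factor with
    AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM, exactly in Decimal."""
    cvss = Decimal(str(cvss_base))
    thm = Decimal(str(threat_multiplier))
    mit = Decimal(str(mitigation_factor))
    weights = {name: Decimal(w) for name, w in factors.items()}
    if len(weights) != 10:
        raise ValueError("AIVSS expects exactly 10 agentic risk factors")
    for name, w in weights.items():
        if not Decimal(0) <= w <= Decimal(1):
            raise ValueError(f"factor {name!r} out of range [0, 1]: {w}")
    factor_sum = sum(weights.values(), Decimal(0))
    # The agentic uplift can only consume the headroom left above the CVSS base (10 - base).
    aars = (Decimal(10) - cvss) * (factor_sum / Decimal(10)) * thm
    score = (cvss + aars) * mit
    return {
        "factor_sum": factor_sum,          # 4.7 for this listing
        "aars": half_up(aars, "0.01"),     # 1.18 (exact value 1.175)
        "aivss": half_up(score, "0.1"),    # 8.7 (exact value 8.675)
        "severity": severity(score),
    }


if __name__ == "__main__":
    for key, value in aivss(7.5, SOURCEGRAPH_FACTORS).items():
        print(f"{key}: {value}")
```

Because the uplift is scaled by (10 − CVSS_Base), the same factor profile adds less to an already-critical base score than to a medium one; the range check on each weight catches a mis-keyed factor before it silently inflates the sum.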

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description did not give enough detail to assess that layer directly.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — The plugin relies on Claude Code's underlying foundation model, making it susceptible to prompt injection that could force the model to leak sensitive code or perform unauthorized searches.

L2 · Data Operations (✓ mapped)

The plugin accesses extensive codebase data, commits, and diffs via Sourcegraph. Risks include exposure of intellectual property, hardcoded secrets in repositories, and potential data exfiltration if the agent is compromised.

L3 · Agent Frameworks (✓ mapped)

Integrates directly with Claude Code's tool-calling framework to execute Sourcegraph API queries. Vulnerabilities include insecure tool integration where malicious prompts could manipulate search parameters to access restricted repositories.

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — The deployment infrastructure depends on how Claude Code and the Sourcegraph instance are hosted, raising questions about API key storage, network isolation, and transport security.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — There is no mention of built-in guardrails, audit logging, or anomaly detection to monitor the volume or sensitivity of code being accessed by the agent.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — It is unclear how Sourcegraph's role-based access control (RBAC) is mapped to the agent, creating a risk of privilege escalation if the agent inherits over-privileged API tokens.

L7 · Agent Ecosystem (✓ mapped)

Acts as a bridge between Claude Code and Sourcegraph. This ecosystem interaction introduces risks of cascading failures or trust abuse if Claude Code is manipulated into executing malicious commands on the codebase.
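As an added illustration, not part of the listing and not code from Sourcegraph, Claude Code or the plugin, of the monitoring L5 says is absent, the token-scope mapping L6 leaves open, and the secret-exposure risk L2 names: a small Python audit monitor that runs three checks over the agent's access events. The event line format, repository names, path patterns and thresholds are all assumptions, and the sample log is constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed token scope (hypothetical repo names): what the agent's Sourcegraph token is meant to reach.
ALLOWED_REPOS = {"github.com/example/web-frontend", "github.com/example/api-gateway"}

# Paths whose exposure is most damaging: secrets and configuration files.
SENSITIVE_PATH = re.compile(
    r"(^|/)(\.env(\.[^/]+)?|[^/]+\.(pem|key|p12)|id_rsa|secrets?\.ya?ml|[^/]*credentials[^/]*)$",
    re.IGNORECASE,
)

# Volume rule: more than MAX_READS file reads by one agent inside WINDOW is anomalous.
MAX_READS = 5
WINDOW = timedelta(minutes=5)

# Constructed audit-event format (assumed; not Sourcegraph's real log schema):
#   <ISO timestamp> agent=<id> action=<search|read> repo=<repo> [path=<path>]
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) agent=(?P<agent>\S+) action=(?P<action>search|read) "
    r"repo=(?P<repo>\S+)(?: path=(?P<path>\S+))?$"
)

# Constructed sample log: one secret read, one out-of-scope repo, one read burst, one truncated line.
SAMPLE_LOG = """\
2024-05-01T10:00:00 agent=claude-code action=search repo=github.com/example/web-frontend
2024-05-01T10:00:05 agent=claude-code action=read repo=github.com/example/web-frontend path=src/app.ts
2024-05-01T10:00:09 agent=claude-code action=read repo=github.com/example/web-frontend path=.env.production
2024-05-01T10:00:20 agent=claude-code action=search repo=github.com/example/payments-core
2024-05-01T10:01:00 agent=claude-code action=read repo=github.com/example/api-gateway path=cmd/main.go
2024-05-01T10:01:10 agent=claude-code action=read repo=github.com/example/api-gateway path=internal/auth.go
2024-05-01T10:01:20 agent=claude-code action=read repo=github.com/example/api-gateway path=internal/db.go
2024-05-01T10:01:30 agent=claude-code action=read repo=github.com/example/api-gateway path=internal/router.go
2024-05-01T10:09:00 agent=claude-code action=read repo=github.com/example/api-gateway path=README.md
2024-05-01T10:09:30 agent=claude-code action=read
"""


def parse_events(text: str):
    """Turn log text into event dicts; malformed lines are kept so they can be flagged, not dropped."""
    events = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = EVENT_RE.match(line)
        if not m:
            events.append({"line": lineno, "malformed": line})
            continue
        ev = m.groupdict()
        ev["line"] = lineno
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def evaluate(events):
    """Apply the checks in log order and return a list of findings."""
    findings = []
    recent = defaultdict(deque)  # agent id -> timestamps of reads still inside WINDOW
    for ev in events:
        if "malformed" in ev:  # a gap or truncated entry is itself worth reporting
            findings.append({"rule": "malformed_event", "line": ev["line"], "detail": ev["malformed"]})
            continue
        # L6: any repo outside the token's intended scope means RBAC is not mapped as assumed
        if ev["repo"] not in ALLOWED_REPOS:
            findings.append({"rule": "out_of_scope_repo", "line": ev["line"], "detail": ev["repo"]})
        if ev["action"] != "read":
            continue
        # L2: reads of secret-bearing paths are reported individually
        if ev["path"] and SENSITIVE_PATH.search(ev["path"]):
            findings.append({"rule": "sensitive_path", "line": ev["line"], "detail": ev["path"]})
        # L5: sliding-window read volume per agent
        q = recent[ev["agent"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW:
            q.popleft()
        if len(q) == MAX_READS + 1:  # fire once, on the event that crosses the threshold
            findings.append({"rule": "read_volume", "line": ev["line"],
                             "detail": f"{len(q)} reads within {WINDOW}"})
    return findings


if __name__ == "__main__":
    for f in evaluate(parse_events(SAMPLE_LOG)):
        print(f"line {f['line']}: {f['rule']} ({f['detail']})")
```

The scope check only works if the monitor is told what the token is supposed to cover, which is exactly the mapping L6 says the listing does not document; the volume rule fires on the crossing event rather than on every subsequent read so that a burst produces one finding instead of a flood.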

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).