Sourcegraph — agentic threat model
The Sourcegraph plugin grants Claude Code deep read access across multiple repositories, presenting a high confidentiality risk if compromised, as it can expose proprietary codebases and sensitive configuration files through automated search and analysis.
OWASP AIVSS score rationale
| Agentic risk factor | Score | Notes |
|---|---|---|
| Autonomy of Action | 0.50 | |
| Goal-Driven Planning | 0.70 | |
| Self-Modification | 0.10 | |
| Dynamic Tool Use | 0.80 | |
| Persistent Memory | 0.20 | |
| Contextual Awareness | 0.80 | |
| Dynamic Identity | 0.20 | |
| Multi-Agent Interactions | 0.40 | |
| Non-Determinism | 0.50 | |
| Opacity & Reflexivity | 0.50 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
1. Foundation Models: Not certain from the listing — The plugin relies on Claude Code's underlying foundation model, making it susceptible to prompt injection that could force the model to leak sensitive code or perform unauthorized searches.
2. Data Operations: The plugin accesses extensive codebase data, commits, and diffs via Sourcegraph. Risks include exposure of intellectual property, hardcoded secrets in repositories, and potential data exfiltration if the agent is compromised.
3. Agent Frameworks: Integrates directly with Claude Code's tool-calling framework to execute Sourcegraph API queries. Vulnerabilities include insecure tool integration, where malicious prompts could manipulate search parameters to access restricted repositories.
4. Deployment & Infrastructure: Not certain from the listing — The deployment infrastructure depends on how Claude Code and the Sourcegraph instance are hosted, raising questions about API key storage, network isolation, and transport security.
5. Evaluation & Observability: Not certain from the listing — There is no mention of built-in guardrails, audit logging, or anomaly detection to monitor the volume or sensitivity of code being accessed by the agent.
6. Security & Compliance: Not certain from the listing — It is unclear how Sourcegraph's role-based access control (RBAC) is mapped to the agent, creating a risk of privilege escalation if the agent inherits over-privileged API tokens.
7. Agent Ecosystem: Acts as a bridge between Claude Code and Sourcegraph. This ecosystem interaction introduces risks of cascading failures or trust abuse if Claude Code is manipulated into executing malicious commands on the codebase.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).