Storyloft — agentic threat model

AIVSS 6.4 · Medium

Storyloft presents a low-to-moderate agentic risk profile, acting primarily as a human-in-the-loop writing assistant with high contextual awareness of manuscripts but minimal autonomous execution capabilities. The primary security concerns center on intellectual property protection, data privacy of user manuscripts, and prompt injection vulnerabilities within its editing tools.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.8 · AARS uplift 1.58 · Factor sum 3.2/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.30
Self-Modification: 0.00
Dynamic Tool Use: 0.20
Persistent Memory: 0.60
Contextual Awareness: 0.70
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.10
Non-Determinism: 0.60
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models ⚠ not certain from listing

Not certain from the listing — likely relies on commercial third-party LLMs to power the 'Eddy' assistant. Primary threats include prompt injection to bypass content filters or extract system prompts, and potential data leakage if the underlying model provider uses manuscript inputs for training.

L2 · Data Operations ⚠ not certain from listing

Not certain from the listing — requires storing large manuscripts, chapters, and notes, likely utilizing a cloud database or vector store to enable 'manuscript-aware' context. Threats include unauthorized access to user intellectual property, data exfiltration, and potential database poisoning if malicious inputs are saved into the manuscript state.

L3 · Agent Frameworks ⚠ not certain from listing

Not certain from the listing — Eddy orchestrates manuscript reading, editing, and formatting. Threats include insecure handling of large context windows (e.g., indirect prompt injection via manuscript content) and potential tool misuse if formatting or illustration generation tools are exposed to direct LLM manipulation.

L4 · Deployment & Infrastructure ⚠ not certain from listing

Not certain from the listing — hosted as a closed-source SaaS platform. Threats include standard web application vulnerabilities, insecure API endpoints, and lack of strict tenant isolation which could allow cross-user manuscript access.

L5 · Evaluation & Observability ⚠ not certain from listing

Not certain from the listing — no mention of monitoring, guardrails, or evaluation frameworks for Eddy's outputs. Gaps could lead to undetected generation of offensive content or silent corruption of manuscript files during automated editing.

L6 · Security & Compliance (cross-cutting) ⚠ not certain from listing

Not certain from the listing — as a paid, closed-source vertical app, it must protect user IP, but no specific compliance certifications (e.g., SOC 2, GDPR) or robust access controls are detailed in the public directory.

L7 · Agent Ecosystem ⚠ not certain from listing

Not certain from the listing — operates as a standalone vertical writing application with no apparent multi-agent marketplace or external agent-to-agent integrations, minimizing ecosystem-level threats.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).