supply-chain-guard — agentic threat model

AIVSS 9.2 · Critical

The supply-chain-guard agent possesses high agentic risk due to its capability to perform automated remediation (write actions) on CI/CD pipelines and filesystems, making it a high-value target for hijacking.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM

CVSS base: 8.5
AARS uplift: 0.72
Factor sum: 4.6 / 10
Threat multiplier (ThM): ×1.05
Mitigation factor: ×1.0

Agentic risk factors (summed into Factor_Sum):
Autonomy of Action: 0.80
Goal-Driven Planning: 0.60
Self-Modification: 0.10
Dynamic Tool Use: 0.70
Persistent Memory: 0.20
Contextual Awareness: 0.80
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.10
Non-Determinism: 0.50
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
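The page's formula carried through for this listing, as an added example that is not the listing's or the OWASP AIVSS project's own code. It uses the factor values above; the severity bands assume AIVSS reuses the CVSS v3.x qualitative scale, and the page shows AARS rounded from 0.7245 to 0.72.

```python
# Added worked example: the page's AIVSS formula carried through for supply-chain-guard.
#   AIVSS = (CVSS_Base + AARS) * Mitigation_Factor
#   AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
# The ten agentic risk factors with the values from the listing (each 0.0 to 1.0).
AGENTIC_FACTORS = {
    "Autonomy of Action": 0.80,
    "Goal-Driven Planning": 0.60,
    "Self-Modification": 0.10,
    "Dynamic Tool Use": 0.70,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.80,
    "Dynamic Identity": 0.40,
    "Multi-Agent Interactions": 0.10,
    "Non-Determinism": 0.50,
    "Opacity & Reflexivity": 0.40,
}

def factor_sum(factors: dict) -> float:
    """Sum the ten factors after checking each lies in [0, 1]."""
    if len(factors) != 10:
        raise ValueError(f"expected 10 agentic factors, got {len(factors)}")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name}: {value} is outside 0..1")
    return sum(factors.values())

def aars(cvss_base: float, factors: dict, threat_multiplier: float) -> float:
    """Agentic risk uplift, scaled by the headroom (10 - CVSS_Base) left under 10."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be 0..10")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier

def aivss(cvss_base, factors, threat_multiplier, mitigation_factor) -> float:
    """Final AIVSS exactly as the page's formula states it (no cap applied)."""
    return (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor

def severity(score: float) -> str:
    """Qualitative band; ASSUMPTION: AIVSS reuses the CVSS v3.x rating scale."""
    for floor, label in ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if score >= floor:
            return label
    return "None"

def score_listing() -> dict:
    """Reproduce the listing: factor sum 4.6/10, AARS 0.72 (0.7245 unrounded), AIVSS 9.2 Critical."""
    base, thm, mitigation = 8.5, 1.05, 1.0
    total = aivss(base, AGENTIC_FACTORS, thm, mitigation)
    return {"factor_sum": round(factor_sum(AGENTIC_FACTORS), 2),
            "aars": round(aars(base, AGENTIC_FACTORS, thm), 4),
            "aivss": round(total, 1), "severity": severity(total)}
```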

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” carry general, caveated commentary because the public description does not pin down that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — the specific underlying foundation model is not disclosed. If the model is susceptible to prompt injection, an attacker could craft a malicious package name or CI/CD configuration file that hijacks the agent's execution flow during scanning.

L2 · Data Operations · ✓ mapped

The agent relies on a local IOC database dated 2026-03-31. There is a risk of data poisoning if the database update mechanism is compromised, or a risk of evasion if attackers use novel indicators not present in the static snapshot.

L3 · Agent Frameworks · ✓ mapped

The agent orchestrates scanning and remediation tools. Insecure tool integration is a major threat here; if the remediation logic is poorly bounded, the agent could be tricked into deleting legitimate files or injecting malicious code under the guise of 'remediation'.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the hosting environment is not specified. However, because the agent scans filesystems and CI/CD pipelines, it requires high-privilege access to sensitive environments, making container escape or credential theft a critical threat if the runner is not sandboxed.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no mention of logging, guardrails, or observability frameworks. Without these, unauthorized remediation actions or silent failures during scanning may go completely undetected.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — no identity, authorization policies, or compliance certifications are mentioned. The agent likely operates with the ambient authority of the CI/CD runner or user executing it, lacking fine-grained access controls.

L7 · Agent Ecosystem · ✓ mapped

As an 'Agent Skill' published in a directory, it represents a modular ecosystem component. If published to a public marketplace without strict signature verification, it could be subject to dependency confusion or malicious upstream updates.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).