trailofbits-supply-chain-risk-auditor — agentic threat model

AIVSS 5.6 · Medium

The Trail of Bits Supply Chain Risk Auditor is a passive analytical agent with low autonomy, primarily posing risks related to integrity (such as manipulated risk scores or missed vulnerabilities) rather than active execution or deployment hazards.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 4.8
AARS uplift: 0.83
Factor sum: 1.6 / 10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×1.0

Agentic risk factors (each scored 0.00 to 1.00)

Autonomy of Action: 0.20
Goal-Driven Planning: 0.20
Self-Modification: 0.00
Dynamic Tool Use: 0.30
Persistent Memory: 0.00
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.30
Opacity & Reflexivity: 0.40

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
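As an added worked example (this is not code from AgentReady, Trail of Bits or the OWASP AIVSS project), the Python below reproduces the score on this page from the formula and factor table quoted above, then shows what moving one factor or applying a mitigation factor does to the result. Three things are assumptions rather than page content: each agentic factor lies in 0.0..1.0, the mitigation factor lies in (0.0, 1.0], and the severity bands mirror the CVSS v3.1 qualitative scale (Low below 4.0, Medium below 7.0, High below 9.0, Critical at or above 9.0).

```python
"""Worked OWASP AIVSS computation for the listing above (added example).

Formula as quoted on the page:
    AARS  = (10 - CVSS_Base) * (Factor_Sum / 10) * ThM
    AIVSS = (CVSS_Base + AARS) * Mitigation_Factor

Assumed, not stated on the page: per-factor range 0.0..1.0, mitigation factor
in (0.0, 1.0], and CVSS v3.1 qualitative severity bands.
"""

FACTOR_NAMES = (
    "Autonomy of Action", "Goal-Driven Planning", "Self-Modification",
    "Dynamic Tool Use", "Persistent Memory", "Contextual Awareness",
    "Dynamic Identity", "Multi-Agent Interactions", "Non-Determinism",
    "Opacity & Reflexivity",
)

# Factor scores copied from the page's table for this agent.
AUDITOR_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.20,
    "Self-Modification": 0.00,
    "Dynamic Tool Use": 0.30,
    "Persistent Memory": 0.00,
    "Contextual Awareness": 0.20,
    "Dynamic Identity": 0.00,
    "Multi-Agent Interactions": 0.00,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.40,
}
AUDITOR_CVSS_BASE = 4.8


def factor_sum(factors):
    """Sum the ten agentic factors after checking names and ranges."""
    if set(factors) != set(FACTOR_NAMES):
        raise ValueError("factor names must match the ten AIVSS factors exactly")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:  # assumed per-factor range
            raise ValueError(f"{name} must be in 0.0..1.0, got {value}")
    return sum(factors[name] for name in FACTOR_NAMES)


def aars(cvss_base, factors, threat_multiplier=1.0):
    """Agentic AI Risk Score: uplift scaled by the headroom above the CVSS base."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in 0.0..10.0")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS score, rounded to one decimal and capped at 10.0."""
    if not 0.0 < mitigation_factor <= 1.0:  # assumed range
        raise ValueError("mitigation factor must be in (0.0, 1.0]")
    raw = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return round(min(raw, 10.0), 1)


def severity(score):
    """Qualitative band; assumed to mirror the CVSS v3.1 scale."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def score_listing(cvss_base=AUDITOR_CVSS_BASE, factors=AUDITOR_FACTORS,
                  threat_multiplier=1.0, mitigation_factor=1.0):
    """Reproduce the page's breakdown as a dict of intermediate values."""
    score = aivss(cvss_base, factors, threat_multiplier, mitigation_factor)
    return {
        "cvss_base": cvss_base,
        "factor_sum": factor_sum(factors),
        "aars": aars(cvss_base, factors, threat_multiplier),
        "aivss": score,
        "severity": severity(score),
    }


def with_factor(factors, name, value):
    """Copy of `factors` with one factor changed, for what-if comparisons."""
    changed = dict(factors)
    changed[name] = value
    return changed


if __name__ == "__main__":
    base = score_listing()
    print(f"Listing: sum={base['factor_sum']:.2f} AARS={base['aars']:.2f} "
          f"AIVSS={base['aivss']} ({base['severity']})")
    # What-if: the auditor starts fetching registry data through arbitrary tools.
    tools = score_listing(factors=with_factor(AUDITOR_FACTORS, "Dynamic Tool Use", 1.0))
    print(f"Dynamic Tool Use=1.0: AIVSS={tools['aivss']} ({tools['severity']})")
    # What-if: documented sandboxing and logging earn an illustrative 0.8 mitigation.
    mitigated = score_listing(mitigation_factor=0.8)
    print(f"Mitigation 0.8: AIVSS={mitigated['aivss']} ({mitigated['severity']})")
```

The listing's numbers round-trip (factor sum 1.6, AARS 0.83, AIVSS 5.6, Medium). Raising Dynamic Tool Use to 1.0, the kind of change the L3 and L4 caveats below hint at if the skill fetches live registry metadata, only lifts the score to 6.0, which is the point of the low-autonomy rationale: with a 4.8 CVSS base, the agentic uplift is bounded by the remaining 5.2 points times the factor sum.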

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged "not certain from listing" carry general, caveated commentary because the public description does not give details for that layer.

L1 · Foundation Models (not certain from listing)

Not certain from the listing — The specific foundation model used by this Trail of Bits skill is not disclosed. Standard threats like prompt injection or model misalignment could theoretically affect its dependency risk scoring, but no model details are provided.

L2 · Data Operations (mapped)

Analyzes project dependency manifests as its input surface. Threats include malicious or malformed manifests designed to exploit parsing vulnerabilities or poison the risk assessment logic.

L3 · Agent Frameworks (not certain from listing)

Not certain from the listing — The orchestration framework (e.g., LangChain, AutoGen, or custom) is not specified. Vulnerabilities could arise from insecure parsing of dependency manifests or tool-calling logic if it dynamically fetches package metadata.

L4 · Deployment & Infrastructure (not certain from listing)

Not certain from the listing — The hosting environment, sandboxing of manifest parsing, and network access controls for fetching external package registry data are not detailed in the public listing.

L5 · Evaluation & Observability (not certain from listing)

Not certain from the listing — There is no mention of built-in observability, logging, or guardrails to detect drift, false positives, or adversarial manipulation of the risk scoring outputs.

L6 · Security & Compliance, cross-cutting (not certain from listing)

Not certain from the listing — Compliance alignments (e.g., NIST SSDF) or access control policies for scanning private repositories are not specified in this basic skill listing.

L7 · Agent Ecosystem (not certain from listing)

Not certain from the listing — The listing describes a single-purpose security skill; there is no indication of multi-agent coordination or marketplace integration capabilities.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).