Trellis 3D — agentic threat model

AIVSS 7.0 · High

Trellis 3D exhibits low agentic risk, operating primarily as a single-turn generative utility for 3D assets rather than an autonomous agent. The primary security concerns center on model IP protection, secure handling of user-uploaded files, and preventing the generation of malicious or policy-violating 3D formats.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 6.5 · AARS uplift 0.5 · Factor sum 1.5/10 · Threat ×0.95 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.10
Goal-Driven Planning: 0.10
Self-Modification: 0.00
Dynamic Tool Use: 0.10
Persistent Memory: 0.10
Contextual Awareness: 0.20
Dynamic Identity: 0.00
Multi-Agent Interactions: 0.00
Non-Determinism: 0.40
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ✓ mapped

Uses specialized 3D generative models (likely diffusion or feed-forward reconstruction networks). Key threats include model stealing/extraction of proprietary weights, adversarial input images designed to crash the generator, and prompt injection to bypass content filters.

L2 · Data Operations · ⚠ not certain from listing

Not certain from the listing — handles user-uploaded 2D images and text prompts. If these uploads are stored or used for downstream training without consent, it poses data privacy, intellectual property leakage, and poisoning risks.

L3 · Agent Frameworks · ⚠ not certain from listing

Not certain from the listing — likely uses a deterministic pipeline rather than an agentic framework. Risks involve insecure integration of file conversion utilities or rendering engines during the 3D generation process.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — relies on cloud-hosted GPU infrastructure to offload local hardware requirements. Threats include resource exhaustion (denial of service) due to heavy 3D rendering workloads and container escape vulnerabilities.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — no details are provided regarding input validation, output guardrails, or abuse monitoring to prevent the generation of copyrighted, unsafe, or malicious 3D assets.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — standard web authentication and freemium tiering are implied, but compliance with data protection standards (e.g., GDPR for user uploads) is unverified.

L7 · Agent Ecosystem · ✓ mapped

The tool operates as a standalone horizontal service with no described multi-agent interactions, marketplace integrations, or agent-to-agent trust boundaries.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).