miro-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to configure an external MCP server at 'https://rube.app/mcp'. This allows the agent to dynamically load tool schemas and interact with an external service provider not included in the pre-defined trusted vendor list.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it retrieves and processes content from Miro boards.
- Ingestion points: Untrusted data enters the context via board items and sticky note content retrieved through 'MIRO_GET_BOARD_ITEMS' and 'MIRO_GET_BOARDS2' (SKILL.md).
- Boundary markers: There are no delimiters or instructions to ignore embedded commands within the Miro board data, making the agent susceptible to accidental instruction following.
- Capability inventory: The skill includes sensitive tools such as 'MIRO_SHARE_BOARD' (which can send invitations to external emails) and 'MIRO_CREATE_ITEMS_IN_BULK', which could be leveraged if the agent encounters malicious content on a board.
- Sanitization: There is no mention of content validation or sanitization before the agent acts upon the data retrieved from Miro.
Audit Metadata