miro-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to add an external MCP server located at
https://rube.app/mcp. This domain is not identified within the set of trusted organizations or repositories. As this service provides the primary toolset for the skill, it represents an unverifiable external dependency that manages authentication and data flow for Miro. - PROMPT_INJECTION (LOW): The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from external Miro boards. 1. Ingestion points: Untrusted data enters the agent context via
MIRO_GET_BOARD_ITEMSandMIRO_GET_BOARDS2. 2. Boundary markers: The instructions do not define delimiters or provide 'ignore embedded instructions' warnings for the data retrieved from Miro. 3. Capability inventory: The skill has significant capabilities including board sharing (MIRO_SHARE_BOARD), bulk item creation (MIRO_CREATE_ITEMS_IN_BULK), and item modification. 4. Sanitization: There is no evidence of content sanitization or validation before the agent processes board data.
Audit Metadata