The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp. This domain is not listed in the trusted organizations or repositories list. As the primary provider for the tools, it constitutes an unverifiable dependency for remote tool execution.
DATA_EXFILTRATION (LOW): The skill includes the MIRO_SHARE_BOARD tool which allows sending board invites to any email address. While this is a core functionality of Miro, it could be leveraged by a malicious actor or an injected instruction to exfiltrate board access.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads content from external Miro boards. 1. Ingestion points: Data enters the agent context via MIRO_GET_BOARD_ITEMS. 2. Boundary markers: No boundary markers or 'ignore' instructions are provided in the skill to handle retrieved item content. 3. Capability inventory: The agent has high-impact capabilities including board sharing (MIRO_SHARE_BOARD) and bulk item creation. 4. Sanitization: No sanitization or validation of the board content is specified before the agent processes the retrieved text.

miro-automation