miro-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to add a third-party MCP server (https://rube.app/mcp) to their configuration. This domain is not recognized as a trusted source in the analyzer's list, and the tools provided by this server are executed by the agent to perform actions.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected due to data ingestion from Miro boards. Ingestion points: Board items and metadata are ingested via MIRO_GET_BOARD_ITEMS (SKILL.md). Boundary markers: No delimiters or 'ignore instructions' warnings are provided to the agent for processing board content. Capability inventory: The skill possesses sensitive capabilities including MIRO_SHARE_BOARD (sharing permissions) and MIRO_CREATE_ITEMS_IN_BULK (content modification). Sanitization: No sanitization or escaping of external Miro content is performed before interpolation into the agent's context.
Audit Metadata