miro-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires calling MIRO_GET_BOARDS2 and MIRO_GET_BOARD_ITEMS (see "List and Browse Boards" and "Item lookup on board") and instructs the agent to find items "by content" and extract IDs, so the agent fetches and interprets user-generated Miro board content that could contain instructions influencing subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and calling the MCP endpoint https://rube.app/mcp at runtime (e.g., via RUBE_SEARCH_TOOLS) to fetch tool schemas that directly determine the agent's available prompts/instructions, so this external content can control agent behavior.