miro-code-spec

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to take download URLs returned by the MCP and directly embed them into generated curl commands and saved outputs (e.g., curl "...[download_url]..."), which forces the LLM to handle and emit potentially sensitive signed URLs/tokens verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and parse user-supplied Miro board/item content (using context_explore, context_get and image_get_url, plus a subagent that parses prototype HTML and downloads images — see the "Discover Items" and "Extract Content" / "Prototype screens" sections), so arbitrary user-generated Miro content is read and used to drive tool actions and downstream decisions.