miro-platform

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill documents MCP tools and Sidekicks that use context_explore/context_get to read board content (references/design-to-code.md and MCP Tools). It also describes embedding live external content (e.g., YouTube, Figma, Google Docs, Loom in references/content-types.md). The agent is therefore expected to ingest user-generated or public third-party content from boards and external embeds, and that content could carry indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 07:49 PM