miro-spec-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches user-generated Miro board content from public Miro URLs (e.g., https://miro.com/app/board/...) via the /miro-spec:get workflow and then instructs the AI to automatically read and act on the extracted files in .miro/specs/ for planning and implementation, so untrusted third-party content could inject instructions that influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches Miro board/item URLs at runtime (e.g. https://miro.com/app/board/uXjVK123abc=/ or https://miro.com/app/board/uXjVK-spec=/), saves that remote content into .miro/specs/, and the AI then reads those extracted files as context—meaning external content fetched at runtime directly controls prompts/context for the agent.