miro-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious override or bypass patterns detected in instructions or templates.
- Data Exposure & Exfiltration (LOW): Uses an external MCP endpoint at https://mcp.miro.com for intended board management. No unauthorized data access or exfiltration patterns were found.
- Indirect Prompt Injection (LOW): The skill processes external board content with capabilities to modify items, which is a standard surface for indirect injection. Evidence: (1) Ingestion points: get_items in mcp-tools-reference.md; (2) Boundary markers: Absent; (3) Capability inventory: Board creation and item modification tools; (4) Sanitization: Not documented.
- Unverifiable Dependencies (SAFE): The Miro MCP server is a standard integration for the tool's purpose.
Audit Metadata