Skills
skills/scientiacapital/skills/miro-skill/Gen Agent Trust Hub

miro-skill

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the configuration of the Miro Model Context Protocol (MCP) server from the official domain at https://mcp.miro.com.
  • [COMMAND_EXECUTION]: Setup instructions include adding the Miro MCP server to the agent environment and performing OAuth authentication via the command line.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where external data is incorporated into Miro board items through templates.
  • Ingestion points: reference/prompt-templates.md specifies templates for strategy, architecture, and sprint boards that ingest variables such as task names, competitor details, and system components.
  • Boundary markers: No explicit delimiters or isolation instructions are present in the prompt templates to separate untrusted data from the agent's instructions.
  • Capability inventory: The skill possesses extensive capabilities to read and write to the Miro service via the tools documented in reference/mcp-tools-reference.md.
  • Sanitization: There is no evidence of input validation or content filtering for the data processed into the Miro items.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:50 PM