miro-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires connection to a remote MCP server endpoint at 'https://rube.app/mcp' to function. While this is the intended design for utilizing Rube MCP, it involves a third-party service outside the provided trusted vendor list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from content stored within Miro boards.
- Ingestion points: The agent retrieves potentially untrusted data from Miro items and boards using 'MIRO_GET_BOARD_ITEMS' and 'MIRO_GET_BOARDS2'.
- Boundary markers: There are no explicit instructions to the model to ignore embedded commands or use of delimiters when processing retrieved item content.
- Capability inventory: The skill possesses high-impact capabilities including 'MIRO_SHARE_BOARD' (which can send invitations to email addresses) and bulk item modification.
- Sanitization: No sanitization or filtering logic is present to validate the data fetched from the external Miro environment before processing.
Audit Metadata