miro-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., "List and Browse Boards" and "Browse and Manage Board Items") call MIRO_GET_BOARDS2 and MIRO_GET_BOARD_ITEMS to read user-generated Miro board and item content (found in SKILL.md), which the agent must interpret to resolve IDs and drive subsequent actions—exposing it to untrusted third-party content that can influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and using https://rube.app/mcp as the Rube MCP server and calls RUBE_SEARCH_TOOLS at runtime to fetch tool schemas, meaning remote content from that URL directly controls the agent's available tools/instructions.