miro-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and displays arbitrary external/user-generated content — for example text_images.create_embed and upload_image_from_url accept arbitrary URLs to embed or import web pages/images, and the GitHub Actions integration ingests public GitHub issue/PR text to create sticky notes — so untrusted third-party content can be surfaced to the agent/workflow.