mural
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- Industry-Standard Credential Management: The skill stores OAuth tokens and application credentials in OS-level keychains (via the keyring package) or in local files restricted to mode 0600. The security model includes a full STRIDE threat analysis, demonstrating a high level of security maturity.
- Comprehensive Input Validation: The implementation includes rigorous validation for Mural identifiers, SSRF protection via hostname allowlisting for asset uploads to Azure Blob Storage, and strict scheme allowlists for hyperlinks to prevent cross-tenant attack vectors.
- Privacy-Focused Logging: A dedicated redaction mechanism scrubs sensitive values, including OAuth tokens, client secrets, and PKCE parameters, from all log output and error messages.
- Content Security Awareness: The documentation explicitly identifies user-authored content from Mural boards as untrusted input and provides guidance for downstream AI agents to handle this data safely, mitigating risks associated with indirect prompt injection surfaces.