miro-code-to-board-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates as intended, providing repository auditing and visualization features without hidden malicious behavior or obfuscation.
  • [DATA_EXFILTRATION]: The skill extracts codebase information, including module dependencies, architectural flows, and specific code snippets, and transmits them to the Miro cloud platform. This is the primary function of the skill, and it utilizes vendor-provided MCP tools from the author (miroapp).
  • [COMMAND_EXECUTION]: The skill executes local shell commands, specifically git rev-parse HEAD, to identify the current repository state and generate direct links to source files on hosting platforms like GitHub or GitLab.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes untrusted source code and metadata from the local repository.
  • Ingestion points: Reads repository manifests (e.g., package.json, go.mod) and traverses source code files to build dependency graphs and trace user flows (SKILL.md §1, §2, §3).
  • Boundary markers: Absent. The instructions do not define delimiters or specific instructions for the agent to ignore potentially malicious commands embedded in the codebase content it processes.
  • Capability inventory: The skill can create boards, diagrams, documents, and code widgets on a third-party service via MCP tools (SKILL.md §8).
  • Sanitization: Absent. There is no explicit requirement for the agent to sanitize or escape code comments or prose extracted from the repository before rendering them on the Miro board.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 01:19 PM
Security Audit — agent-trust-hub — miro-code-to-board-architecture