miro-way-of-the-code-implement
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that reads untrusted data from Miro boards to drive code generation, which introduces an indirect prompt injection risk.
- Ingestion points: The skill retrieves Mermaid diagrams and document text from external Miro boards using the
doc_getanddiagram_get_dsltools (documented in §2 and §3 of SKILL.md). - Boundary markers: There are no explicit instructions or delimiters defined to isolate the content retrieved from Miro, which could allow malicious instructions embedded in a diagram or document to influence the agent's code generation behavior.
- Capability inventory: The skill has high-impact capabilities, including the ability to create, modify, or delete files in the repository (§5) and open pull requests via GitHub tools (§6).
- Sanitization: No sanitization or validation of the external content is performed before it is used to determine architectural changes and write code.
- [COMMAND_EXECUTION]: The skill performs automated file system operations and executes shell-based CLI tools to manage the development lifecycle.
- Evidence: Step 5 and Step 6 in SKILL.md detail the creation/deletion of files, Git branch management, and the use of the
ghCLI or GitHub MCP server to create pull requests.
Audit Metadata