miro-way-of-the-code-implement

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that reads untrusted data from Miro boards to drive code generation, which introduces an indirect prompt injection risk.
  • Ingestion points: The skill retrieves Mermaid diagrams and document text from external Miro boards using the doc_get and diagram_get_dsl tools (documented in §2 and §3 of SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters defined to isolate the content retrieved from Miro, which could allow malicious instructions embedded in a diagram or document to influence the agent's code generation behavior.
  • Capability inventory: The skill has high-impact capabilities, including the ability to create, modify, or delete files in the repository (§5) and open pull requests via GitHub tools (§6).
  • Sanitization: No sanitization or validation of the external content is performed before it is used to determine architectural changes and write code.
  • [COMMAND_EXECUTION]: The skill performs automated file system operations and executes shell-based CLI tools to manage the development lifecycle.
  • Evidence: Step 5 and Step 6 in SKILL.md detail the creation/deletion of files, Git branch management, and the use of the gh CLI or GitHub MCP server to create pull requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 10:50 AM
Security Audit — agent-trust-hub — miro-way-of-the-code-implement