skills/miroapp/miro-ai/miro-code-spec/Gen Agent Trust Hub

miro-code-spec

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external, untrusted content from Miro boards, which presents a surface for indirect prompt injection. This risk is inherent to the tool's primary function of content extraction. To mitigate this, the skill uses isolated subagents for handling complex assets like prototype HTML, preventing untrusted content from bloating or potentially influencing the main agent's context.
      • Ingestion points: Content retrieved from Miro boards via context_explore, context_get, and table_list_rows (as seen in SKILL.md).
      • Boundary markers: None explicitly defined; the instructions do not implement specific delimiters to separate user data from instructions.
      • Capability inventory: File system access within the .miro/specs/ directory, network access via curl for asset downloads, and subagent orchestration.
      • Sanitization: Content is parsed for specific structural elements (e.g., image URLs) rather than being executed directly.
  • [COMMAND_EXECUTION]: The skill uses standard shell commands (mkdir, rm, curl) for administrative tasks and asset fetching. These operations are confined to the local project workspace and are used according to their intended purposes.
  • [EXTERNAL_DOWNLOADS]: Image assets are downloaded from Miro's infrastructure using download URLs generated by official Miro MCP tools. These network operations are authenticated and target verified vendor resources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 21, 2026, 11:27 AM