Skills
skills/vm0-ai/vm0-skills/miro/Gen Agent Trust Hub

miro

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq to execute API requests and process JSON responses. It also references zero doctor, a vendor-specific diagnostic tool for troubleshooting connection issues.
  • [DATA_EXFILTRATION]: Performs network operations targeting api.miro.com, which is the official API for Miro, a well-known visual collaboration service.
  • [PROMPT_INJECTION]: The skill processes data from Miro boards (such as sticky note content and board details), representing an attack surface for indirect prompt injection.
  • Ingestion points: Board and item data retrieved from Miro API endpoints in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between its instructions and retrieved board content.
  • Capability inventory: Shell command execution via curl and jq, and the ability to write temporary files to /tmp/miro_request.json.
  • Sanitization: Uses jq for structural extraction of JSON fields, but does not sanitize the actual text content of items retrieved from the API.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:45 AM