trello-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill's instructions and metadata revealed no malicious patterns, hardcoded secrets, or dangerous commands.
- [NO_CODE]: No source code, scripts, or binaries are distributed with this skill; it relies entirely on instructions for a separately configured MCP server.
- [PROMPT_INJECTION]: The skill facilitates reading user-generated content from Trello (card names, descriptions, comments), which represents a surface for indirect prompt injection. Ingestion points: Card search results and board/list details retrieved via TRELLO_GET_SEARCH and board listing tools. Boundary markers: None specified in the instructions. Capability inventory: Tooling allows creating cards, adding members, and attaching URLs to cards. Sanitization: Not implemented; the skill processes retrieved card data directly into the agent context.
Audit Metadata