trello-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill references an external MCP server endpoint (https://rube.app/mcp). While this is a configuration for the MCP client and not a direct script execution, it establishes a dependency on an external service provider not listed in the trusted sources.
- [Indirect Prompt Injection] (LOW): The skill is designed to read and search content from Trello boards which may contain untrusted data from other users.
  - Ingestion points: Card content and search results via TRELLO_GET_SEARCH and TRELLO_GET_BOARDS_CARDS_BY_ID_BOARD.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within Trello cards.
  - Capability inventory: The skill has broad Trello write permissions including TRELLO_ADD_CARDS, TRELLO_UPDATE_CARDS_BY_ID_CARD, and TRELLO_ADD_CARDS_ATTACHMENTS_BY_ID_CARD.
  - Sanitization: Absent; the agent is expected to process the raw strings returned by the Trello API.
Audit Metadata