Skills
skills/composiohq/awesome-claude-skills/trello-automation/Gen Agent Trust Hub

trello-automation

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill possesses a significant attack surface for indirect prompt injection.
  • Ingestion points: Tools such as TRELLO_GET_SEARCH, TRELLO_GET_BOARDS_LISTS_BY_ID_BOARD, and TRELLO_GET_BOARDS_CARDS_BY_ID_BOARD ingest data from external Trello cards and boards which are attacker-controlled sources.
  • Boundary markers: The skill documentation provides no instructions for the agent to use delimiters or ignore instructions found within the Trello data.
  • Capability inventory: The skill allows the agent to perform write operations including TRELLO_ADD_CARDS, TRELLO_UPDATE_CARDS_BY_ID_CARD (moving cards), and TRELLO_ADD_CARDS_ACTIONS_COMMENTS_BY_ID_CARD (posting comments).
  • Sanitization: There is no mention of sanitizing or validating the input from Trello before it is used in subsequent operations or agent reasoning.
  • [External Downloads] (LOW): The skill instructs users to connect to an external MCP server hosted at rube.app/mcp. This domain is not within the defined [TRUST-SCOPE-RULE] whitelist, requiring users to trust the security of the third-party endpoint provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 09:13 PM