Skills
skills/davepoon/buildwithclaude/trello-automation/Gen Agent Trust Hub

trello-automation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface detected. The skill retrieves data from Trello cards and boards, which may contain instructions from untrusted external contributors that could influence agent behavior.
  • Ingestion points: TRELLO_GET_SEARCH and TRELLO_GET_BOARDS_CARDS_BY_ID_BOARD in SKILL.md.
  • Boundary markers: Absent; the instructions do not specify delimiters for external data.
  • Capability inventory: Card creation, member assignment, and board management tools.
  • Sanitization: Absent; the skill does not suggest filtering or escaping retrieved content before processing.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references an external MCP server endpoint (https://rube.app/mcp) for functionality. While this is the intended setup for the Rube integration, the domain is not on the predefined trusted list.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 08:18 AM