trello
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill interacts with the external Trello API (api.trello.com) to retrieve and modify board data. Authentication is handled via environment variables (TRELLO_API_KEY and TRELLO_TOKEN) which is the recommended practice for local agent security.
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves data from Trello card titles and descriptions which are externally controlled.
- Ingestion points: Data enters the agent context through API responses from
api.trello.com(boards, lists, and cards). - Boundary markers: None identified in the prompt templates.
- Capability inventory: The skill has the capability to perform GET, POST, and PUT requests to the Trello API using
curl. - Sanitization: No specific sanitization or filtering of the content retrieved from Trello cards is implemented within the provided bash commands.
- [SAFE]: No remote code execution patterns, obfuscation techniques, or persistence mechanisms were detected in the skill's instructions or commands.
Audit Metadata