trello
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive local file access. The skill correctly uses environment variables for authentication and communicates only with the legitimate api.trello.com domain.
- Indirect Prompt Injection (SAFE): The skill reads card titles and descriptions from Trello, which could contain instructions. This is a standard surface for any content-processing tool and is necessary for the skill's primary function.
  1. Ingestion points: Card and list data retrieved via curl in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: curl (network), jq (parsing).
  4. Sanitization: Absent.
- Unverifiable Dependencies (SAFE): Requires the 'jq' binary but does not attempt to download it from an untrusted source or execute remote scripts.