trello
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlandjqto interact with the Trello REST API, which is standard for its stated purpose. - [PROMPT_INJECTION]: The skill ingests untrusted data from Trello cards, which represents an indirect prompt injection surface.
- Ingestion points: Trello card names and descriptions are retrieved via
curlcommands inSKILL.md. - Boundary markers: No delimiters or warnings to ignore embedded instructions are used when processing Trello data.
- Capability inventory: The skill includes capabilities to create, update, and archive cards via
curlrequests inSKILL.md. - Sanitization: External content from the Trello API is passed to the agent without sanitization or validation.
Audit Metadata