trello
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill manages authentication via environment variables (TRELLO_API_KEY, TRELLO_TOKEN), which is the recommended secure approach. All network requests are made to the legitimate Trello API endpoint (api.trello.com).
- [INDIRECT_PROMPT_INJECTION]: The skill retrieves external data that could contain malicious instructions, though it is assessed as safe in this context.
  - Ingestion points: Retrieves board names, card descriptions, and comments from the Trello REST API (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the command templates.
  - Capability inventory: The skill uses curl for network communication and jq for JSON processing.
  - Sanitization: API response data is processed without explicit sanitization or filtering.
Audit Metadata