trello
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto make network requests to the Trello REST API andjqto extract information from the responses. These operations are restricted to the officialapi.trello.comdomain. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data such as card titles and descriptions which are controlled by users on Trello.
- Ingestion points: Data retrieved via
curlfrom Trello boards, lists, and cards inSKILL.md. - Boundary markers: None are defined in the command outputs to separate data from instructions.
- Capability inventory: The skill is limited to performing API requests via
curland parsing withjq. - Sanitization: No sanitization of the Trello content is performed before it is handled by the agent.
Audit Metadata