trello
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows calling the Trello REST API to list boards/lists/cards (e.g., "…/lists/{listId}/cards?… | jq '.[] | {name, id, desc}'") and to read card descriptions/comments, which are third-party user-generated content that the agent would ingest and could materially influence subsequent actions.
Audit Metadata