trello
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using curl and jq to perform Trello operations.
- [EXTERNAL_DOWNLOADS]: Fetches data from the official Trello API (api.trello.com), a well-known service.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through external data ingestion.
  - Ingestion points: Retrieves user-controlled content from Trello, including board names and card descriptions (SKILL.md).
  - Boundary markers: No explicit delimiters or instructions are used to separate API data from the agent's system prompt.
  - Capability inventory: The skill is authorized to perform network requests and data parsing via shell commands.
  - Sanitization: Data from Trello is presented to the agent without verification or sanitization.
Audit Metadata