trello
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-severity attack surface because it handles untrusted data (card titles and descriptions) while having write capabilities on the Trello platform.
  - Ingestion points: Card title and description fields defined in SKILL.md.
  - Boundary markers: Absent; inputs are passed directly into the workflow.
  - Capability inventory: refly skill run triggers a remote workflow that creates/modifies cards in Trello.
  - Sanitization: Absent; no logic is present to filter or escape instructions embedded in the input strings.
- [External Downloads] (MEDIUM): The installation process involves downloading a remote skill package (skp-x4da1f3j06ctgybq9ifva7i3) from refly.ai, which is not a Trusted External Source.
- [Command Execution] (LOW): The execution steps use local shell commands (jq, echo, open) to process workflow IDs and interact with the browser, which are typical for this platform but represent system-level interaction.
Recommendations
- AI detected serious security threats
Audit Metadata