skills/smithery/ai/trello/Gen Agent Trust Hub

trello

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (MEDIUM): The skill is susceptible to indirect prompt injection (Category 8) because it fetches and processes data from an external source (Trello).
      • Ingestion points: Untrusted data enters the agent's context through curl commands that fetch card descriptions (desc) and comments (text) in SKILL.md.
      • Boundary markers: Absent. The skill does not provide instructions to the agent to delimit or ignore instructions embedded within the Trello data.
      • Capability inventory: The skill possesses network-write capabilities via curl to create cards, move cards, and post comments.
      • Sanitization: Absent. The data is piped through jq but the resulting strings are processed directly by the agent without escaping or validation.
  • [Command Execution] (LOW): The skill relies on curl for all operations. While these target the legitimate Trello API, the use of template placeholders like {boardId} and {listId} requires the agent to ensure these inputs are properly sanitized to prevent local command injection if an attacker can control those ID values.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:44 AM