trello
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface due to reading external content while maintaining write-access capabilities.\n
- Ingestion points: The skill fetches 'name' and 'desc' fields from Trello cards using curl and jq in SKILL.md.\n
- Boundary markers: No delimiters or explicit instructions are used to separate untrusted card data from the agent's prompt context.\n
- Capability inventory: The skill can create cards (POST /1/cards), move cards (PUT /1/cards/{id}), and add comments (POST /1/cards/{id}/actions/comments).\n
- Sanitization: No validation or sanitization of card content is performed before processing.\n- Command Execution (LOW): The skill utilizes curl and jq for API interaction. This is standard behavior for such a tool, but it relies on correctly handled environment variables and system-level execution.
Recommendations
- AI detected serious security threats
Audit Metadata