trello
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). Yes — the skill fetches and acts on user-generated content from Trello via the Trello REST API (e.g., SKILL.md examples calling /1/boards/{boardId}/cards and reading card .desc), so untrusted third-party content could influence decisions and subsequent actions.
Audit Metadata