trello

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches data from the official Trello REST API (api.trello.com), which is a well-known service. This is the primary intended functionality of the skill.
  • [COMMAND_EXECUTION]: Utilizes standard CLI tools curl and jq to interact with the API and process JSON responses, which is consistent with the skill's stated purpose.
  • [DATA_EXFILTRATION]: Safely manages sensitive information by instructing users to use environment variables (TRELLO_API_KEY and TRELLO_TOKEN) for authentication instead of hardcoding secrets.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection exists when the agent processes data from Trello (e.g., card descriptions or comments). Ingestion points: Trello API responses (SKILL.md). Boundary markers: Absent. Capability inventory: curl, jq. Sanitization: Absent. This risk is considered safe as it is inherent to the skill's core functionality.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 12:15 AM