trello-ops
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by processing untrusted data from Trello boards and cards.
  - Ingestion points: Functions in `index.js` such as `getCard` and `getComments` retrieve arbitrary text content from Trello.
  - Boundary markers: No delimiters or specific instructions are implemented to isolate external content from agent instructions.
  - Capability inventory: The skill can read from and write to the Trello API (create/move cards, add comments) using the `axios` library.
  - Sanitization: The skill does not perform validation or sanitization of content retrieved from the API.
- [EXTERNAL_DOWNLOADS]: The skill fetches the `axios` package from the official NPM registry to manage HTTP requests.
- [DATA_EXFILTRATION]: Network operations are directed to `api.trello.com`, which is the well-known official domain for the Trello service. Authentication secrets are correctly sourced from environment variables.
Audit Metadata