trello
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill runs curl and jq as subprocesses to call the Trello REST API. This is consistent with its stated purpose of managing Trello boards and cards.
- [EXTERNAL_DOWNLOADS]: All network requests go to api.trello.com, the official API endpoint of Trello, a well-known technology service. These requests are the documented, intended integration rather than undisclosed downloads.
- [PROMPT_INJECTION]: The helper functions trello_board_id, trello_list_id, and trello_add_card expose an indirect injection surface: values such as board names and card descriptions are interpolated directly into bash command lines and JSON strings, so a crafted value can alter the command or the request body instead of being treated as data.
  - Ingestion points: Data enters the agent context through the arguments passed to the helper functions defined in SKILL.md.
  - Boundary markers: No delimiters or escaping isolate user-provided strings from the surrounding command logic or JSON structure.
  - Capability inventory: The skill can spawn curl and jq subprocesses, which gives it authenticated network writes and data processing.
  - Sanitization: There is no evidence of input validation or character escaping for the interpolated variables; malicious input in a board name or card description could break the command or the JSON body (for example, an unescaped double quote ends the JSON string early and turns the rest of the value into structure).