Trello Automation
Pass
Audited by Gen Agent Trust Hub on Jun 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines automation workflows that ingest untrusted data from Trello cards, which represents an indirect prompt injection surface.
- Ingestion points: Untrusted data enters the agent context via card metadata and body fields such as {{detailed_description}}, {{content_title}}, and {{task_name}} in SKILL.md.
- Boundary markers: Absent. The skill uses template placeholders for data interpolation but does not specify delimiters or instructions for the agent to ignore potentially malicious directives embedded within that data.
- Capability inventory: The skill employs tools for card management and board automation (trello_card, trello_automation) and features a Slack integration for automated notifications.
- Sanitization: Absent. There are no instructions for validating, filtering, or escaping the content retrieved from external cards before it is processed or output to other channels.
Audit Metadata