trello-automation
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external MCP server at https://rube.app/mcp. This is the primary service provider for the Trello automation tools described.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
- Ingestion points: The skill reads card names, descriptions, and comments from Trello via TRELLO_GET_SEARCH and TRELLO_GET_BOARDS_CARDS_BY_ID_BOARD.
- Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The agent has the ability to create, update, and comment on Trello cards, which could be leveraged if malicious data is processed.
- Sanitization: No sanitization or validation of the retrieved Trello data is performed before it is used in subsequent operations.
- [NO_CODE]: No scripts, executables, or code files are included with this skill; it consists entirely of instructional markdown documentation.
Audit Metadata