trello
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
curlto communicate with the Trello REST API andjqto parse the resulting JSON. This is appropriate for the skill's stated purpose of managing Trello boards and cards.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation ofjqvia the Homebrew package manager.jqis a trusted, well-known tool for command-line JSON processing.\n- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes content from external Trello cards and comments.\n - Ingestion points: Card titles, descriptions, and comments are fetched from the Trello API in SKILL.md.\n
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the Trello data.\n
- Capability inventory: The skill can create, update, and comment on Trello cards using POST and PUT requests as defined in SKILL.md.\n
- Sanitization: Content retrieved from Trello is not sanitized before being processed by the agent.
Audit Metadata