skills/steipete/clawdis/trello/Gen Agent Trust Hub

trello

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl to communicate with the Trello REST API and jq to parse the resulting JSON. This is appropriate for the skill's stated purpose of managing Trello boards and cards.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of jq via the Homebrew package manager. jq is a trusted, well-known tool for command-line JSON processing.\n- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface because it processes content from external Trello cards and comments.\n
  • Ingestion points: Card titles, descriptions, and comments are fetched from the Trello API in SKILL.md.\n
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions embedded within the Trello data.\n
  • Capability inventory: The skill can create, update, and comment on Trello cards using POST and PUT requests as defined in SKILL.md.\n
  • Sanitization: Content retrieved from Trello is not sanitized before being processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 02:13 AM
Security Audit — agent-trust-hub — trello