trello
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill communicates with the official Trello REST API (api.trello.com) to manage user data. This is a legitimate use of a well-known service and does not involve unauthorized exfiltration of sensitive local data.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill correctly instructs the agent to use environment variables for authentication (TRELLO_API_KEY and TRELLO_TOKEN).
- [COMMAND_EXECUTION]: The skill uses curl and jq as intended to perform API requests and parse JSON results.
- [PROMPT_INJECTION]: The skill processes card names and descriptions from Trello which could contain untrusted instructions. However, this risk is mitigated as the skill lacks high-risk capabilities like local file writes or arbitrary code execution. 1. Ingestion points: Content retrieved from api.trello.com via curl. 2. Boundary markers: None. 3. Capability inventory: curl (network) and jq (parsing). 4. Sanitization: No specific filtering is applied to the retrieved content.
Audit Metadata