test1

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Trello helper skill, but its examples can change real Trello data if run with your credentials.

Install this only if you want an agent to use your Trello API key and token. Keep those credentials secret, verify board/list/card IDs before running commands, and require explicit confirmation before creating, moving, commenting on, or archiving cards.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill documents live state-changing Trello operations such as creating cards, moving cards, commenting, and archiving without an explicit warning that these commands modify production data immediately. In an agent/tooling context, omission of a clear caution increases the risk of unintended actions against real user boards and can lead to accidental data changes or workflow disruption.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal