test

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Trello helper skill whose main risk is that its Trello token can read and change real boards and cards.

Install only if you are comfortable giving the agent access to a Trello API key and token. Keep those values secret, use the narrowest or most disposable token available, and require explicit user confirmation before creating, moving, commenting on, or archiving Trello cards.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill documents state-changing Trello operations such as creating cards, moving cards, commenting, and archiving without an explicit warning that these actions modify live production data. In an agent skill context, that increases the risk of accidental destructive or unauthorized changes because users or downstream agents may execute examples as-is against real boards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal