Trello

Security checks across malware telemetry and agentic risk

Overview

This is a Trello connector skill that is clearly focused on Trello actions and includes user-confirmation guidance for state-changing operations.

Install this only if you are comfortable letting an agent operate the Trello account connected through OOMOL. Review payloads before approving creates, updates, archives, removals, comments, attachments, or member/label changes, especially on shared or business boards.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 87%
Finding
The skill description says to use this skill for ANY Trello request, which creates an overly broad routing trigger with no narrowing constraints. That can cause the agent to invoke this high-privilege integration in situations where a safer tool, narrower workflow, or additional user confirmation should be used, increasing the chance of unintended data access or state-changing actions.

VirusTotal

64/64 vendors flagged this skill as clean.
