Critical-risk tools in Trello
31 of the 200 tools in Trello are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
- `TRELLO_ADD_LISTS_MOVE_ALL_CARDS_BY_ID_LIST` (Destructive): Moves all cards from a Trello list to a *different* board; this action is irreversible, moves (not copies) cards, and empties the source list without deleting it.
- `TRELLO_ADD_NOTIFICATIONS_ALL_READ` (Destructive): Marks all Trello notifications for the authenticated user as read across all boards; this action is permanent and cannot be undone.
- `TRELLO_CONVERT_CHECKLIST_ITEM_TO_CARD` (Destructive): Converts a checklist item into a new card (useful for promoting a subtask), which inherits some properties from the item; this is irreversible via the API and offers no customiz...
- `TRELLO_DELETE_ACTIONS_BY_ID_ACTION` (Destructive): Deletes a specific Trello action, such as a `commentCard`, by its ID; this is an irreversible operation and only applies to deletable action types, as many (especially system-ge...
- `TRELLO_DELETE_BOARDS_MEMBERS_BY_ID_BOARD_BY_ID_MEMBER` (Destructive): Permanently removes a current member from a Trello board, revoking their access; this action is irreversible.
- `TRELLO_DELETE_BOARDS_POWER_UPS_BY_ID_BOARD_BY_POWER_UP` (Destructive): Disables a Power-Up on a Trello board using the board's ID and the plugin ID of a Power-Up currently enabled on that board; this action is irreversible and may result in data loss.
- `TRELLO_DELETE_CARDS_ACTIONS_COMMENTS_BY_ID_CARD_BY_ID_ACTION` (Destructive): Deletes a specific comment action (identified by `idAction`) from a Trello card (identified by `idCard`); this operation is irreversible and only affects comments.
- `TRELLO_DELETE_CARDS_ATTACHMENTS_BY_ID_CARD_BY_ID_ATTACHMENT` (Destructive): Permanently removes a specified attachment from a Trello card; this action is irreversible and requires that both the card and the attachment exist.
- `TRELLO_DELETE_CARDS_BY_ID_CARD` (Destructive): Permanently deletes an archived Trello card specified by its `idCard`.
- `TRELLO_DELETE_CARDS_CHECKLISTS_BY_ID_CARD_BY_ID_CHECKLIST` (Destructive): Permanently deletes a specific checklist from a Trello card.
- `TRELLO_DELETE_CARDS_ID_LABELS_BY_ID_CARD_BY_ID_LABEL` (Destructive): Removes a specific label from a Trello card; the label itself is not deleted from the board, only its association with the card.
- `TRELLO_DELETE_CARDS_ID_MEMBERS_BY_ID_CARD_BY_ID_MEMBER` (Destructive): Removes a currently assigned member from a Trello card, affecting only the card's member list and not the member's board membership or overall permissions.
- `TRELLO_DELETE_CARDS_LABELS_BY_ID_CARD_BY_COLOR` (Destructive): Permanently removes a specific `color` label from an existing Trello card identified by `idCard`, if the card has that label; this only disassociates the label from the card, no...
- `TRELLO_DELETE_CARDS_MEMBERS_VOTED_BY_ID_CARD_BY_ID_MEMBER` (Destructive): Removes a member's vote from a Trello card; this operation is irreversible and does not confirm if the vote existed prior to removal.
- `TRELLO_DELETE_CARDS_STICKERS_BY_ID_CARD_BY_ID_STICKER` (Destructive): Permanently removes a specific sticker (identified by `idSticker`) from a Trello card (identified by `idCard`).
- `TRELLO_DELETE_CHECKLIST_ITEM` (Destructive): Permanently deletes a specific check item from a checklist on a Trello card; this operation is irreversible and only affects the specified item, not the entire checklist.
- `TRELLO_DELETE_CHECKLISTS_BY_ID_CHECKLIST` (Destructive): Permanently and irreversibly deletes a Trello checklist and all its items using the `idChecklist`.
- `TRELLO_DELETE_LABELS_BY_ID_LABEL` (Destructive): Permanently deletes an existing label from a Trello board by its ID; this operation is irreversible via the API.
- `TRELLO_DELETE_MEMBER_BOARD_BACKGROUND` (Destructive): Permanently deletes a specific custom board background belonging to the specified Trello member; this operation cannot be undone.
- `TRELLO_DELETE_MEMBER_CUSTOM_STICKER` (Destructive): Deletes a custom sticker from a Trello member's collection; this permanent action is only available for custom stickers within a Trello Workspace on a paid plan.
- `TRELLO_DELETE_MEMBER_SAVED_SEARCH` (Destructive): Permanently deletes a specific saved search for a Trello member, used when the search is outdated or no longer needed.
- `TRELLO_DELETE_MEMBERS_BOARD_STARS_BY_ID_MEMBER_BY_ID_BOARD_STAR` (Destructive): Removes a specific starred board (identified by `idBoardStar`) from a Trello member's (identified by `idMember`) list of favorites; `idBoardStar` must be an existing star for th...
- `TRELLO_DELETE_ORG_ASSOCIATED_DOMAIN` (Destructive): Irreversibly deletes an associated email domain from a Trello organization's preferences to update email domain restrictions for workspace membership; the domain must be current...
- `TRELLO_DELETE_ORGANIZATIONS_BY_ID_ORG` (Destructive): Permanently deletes a Trello organization and all its associated data; this action is irreversible and requires caution.
- `TRELLO_DELETE_ORGANIZATIONS_LOGO_BY_ID_ORG` (Destructive): Deletes an existing Trello organization's custom logo, restoring its default and leaving other settings unchanged; if no custom logo exists, it succeeds without effect.
- `TRELLO_DELETE_ORGANIZATIONS_MEMBERS_ALL_BY_ID_ORG_BY_ID_MEMBER` (Destructive): Removes a member entirely from a specific Trello organization, including from all its boards and cards; this action is permanent and does not delete the member's Trello account.
- `TRELLO_DELETE_ORGANIZATIONS_MEMBERS_BY_ID_ORG_BY_ID_MEMBER` (Destructive): Permanently removes a member from a Trello organization by ID, revoking all access to its content; re-invitation is required for renewed access, and this does not delete the mem...
- `TRELLO_DELETE_ORGANIZATIONS_PREFS_ORG_INVITE_RESTRICT_BY_ID_ORG` (Destructive): Removes a previously set email domain invitation restriction for a Trello organization.
- `TRELLO_DELETE_TOKENS_BY_TOKEN` (Destructive): Deletes a specific Trello API token, identified by its value in the path, permanently revoking its access; this action is irreversible and used to invalidate compromised or unne...
- `TRELLO_DELETE_TOKENS_WEBHOOKS_BY_TOKEN_BY_ID_WEBHOOK` (Destructive): Deletes an existing webhook, specified by its `idWebhook`, thereby stopping its notifications.
- `TRELLO_DELETE_WEBHOOKS_BY_ID_WEBHOOK` (Destructive): Permanently deletes an existing Trello webhook by its `idWebhook`, an irreversible action that stops future notifications.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.