We have observed highly unusual behavior where Trello appears to be querying macOS VoiceServices (e.g., com.apple.MobileAsset.VoiceServices.GryphonVoice) and triggering an AppSandbox request.

📌 Key points:

• This has occurred multiple times on several different computers, all of which have access to the same Trello board.
• We were able to reproduce the issue consistently until we removed certain API calls, after which we could no longer trigger the behavior.
• We are trying to understand what is happening and whether this is expected behavior or a potential security concern.

🔍 Questions & Concerns:

1. Why would Trello (or a Power-Up/plugin like Crmble) request access to macOS VoiceServices?
2. What could cause Trello Helper (GPU) to trigger an AppSandbox request?
3. Could an API integration within Trello lead to unexpected interactions with macOS system components?
4. Is there any known behavior where Trello interacts with Apple’s speech-related frameworks?

🚨 Suspicious Behavior:

At the time this happened, a voice message suddenly played on multiple Macs, stating:

"Ihr System wurde mit schädlichen Trojanern infiziert. Diese Viren schicken Kreditkartendaten, Facebook-Logins sowie persönliche Daten und IP-Adressen an Hacker weiter. Bitte rufen Sie uns sofort unter der angegebenen Nummer an, damit unsere Microsoft Support-Ingenieure sofort durch den Lösungsvorgang helfen."

💡 This strongly resembles a tech support scam message.
🛑 Very, very suspicious.

We would appreciate any insights on whether this is expected behavior or if it could indicate:

• A misconfiguration in Trello or a plugin,
• A security vulnerability in a Power-Up,
• Potential abuse of Trello’s APIs by a malicious actor.

Any guidance on further investigation steps or similar known cases would be highly appreciated. 🚀