Skills
skills/aaaaqwq/agi-super-team/asana-automation/Gen Agent Trust Hub

asana-automation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is purely instructional and metadata-based, defining workflows for external MCP tools. No local scripts or binaries are included.
  • [EXTERNAL_DOWNLOADS]: The skill requires connecting to the external MCP server at https://rube.app/mcp, which is a legitimate endpoint for the Rube integration service.
  • [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface.
  • Ingestion points: Tools like ASANA_GET_A_TASK and ASANA_GET_TASKS_FROM_A_PROJECT (SKILL.md) ingest untrusted data from Asana task notes and names.
  • Boundary markers: None are specified in the provided instructions to distinguish between task data and agent instructions.
  • Capability inventory: The skill possesses modification capabilities including ASANA_CREATE_A_TASK and bulk execution via ASANA_SUBMIT_PARALLEL_REQUESTS (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested Asana content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:58 AM