asana
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill uses 'python3 -c' to execute dynamically constructed Python logic for all operations. This pattern increases the risk of command injection if external data (such as task names or search terms) is interpolated into the command string without strict escaping or quoting.
- COMMAND_EXECUTION (MEDIUM): The setup instructions guide users to modify their '~/.zshrc' file to persist the 'ASANA_ACCESS_TOKEN'. Modifying shell configuration files is a sensitive persistence mechanism and a potential security risk if misused.
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the user to install the official 'asana' Python package from PyPI and the Python interpreter via 'brew' or 'apt'. These are standard dependencies but involve external network downloads.
- DATA_EXFILTRATION (LOW): The skill retrieves personal information including user names and email addresses via 'client.users.me()'. While this is part of its core functionality, it constitutes access to sensitive user metadata.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection.
  - Ingestion points: External data such as task names, descriptions, and project details are ingested via 'client.tasks.find_all' and 'client.tasks.find_by_id'.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are provided in the Python execution templates.
  - Capability inventory: The agent can execute commands via 'python3 -c' and modify shell profiles.
  - Sanitization: No sanitization or escaping of data retrieved from the Asana API is performed before the data is printed to the agent's context.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata