Asana Automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill content.
- [NO_CODE]: The skill consists entirely of markdown documentation and YAML configurations, with no executable scripts or external code dependencies.
- [PROMPT_INJECTION]: The skill defines an indirect prompt injection surface where untrusted data from GitHub issues (title, body) and Slack messages is ingested via the integration rules in SKILL.md. No explicit boundary markers or sanitization logic are defined in the templates. The capability inventory is limited to Asana-specific tools such as asana_create_task and asana_update_task. This surface is inherent to the skill's functionality and does not escalate the risk beyond its intended use case.
Audit Metadata