asana-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data from Asana which can influence agent behavior.
  - Ingestion points: Task names, notes, and project descriptions are retrieved via ASANA_GET_A_TASK and ASANA_SEARCH_TASKS_IN_WORKSPACE.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflows.
  - Capability inventory: The skill can perform write operations like ASANA_CREATE_A_TASK and complex ASANA_SUBMIT_PARALLEL_REQUESTS.
  - Sanitization: No evidence of sanitization or validation of the retrieved content before it enters the LLM context.
- Remote Code Execution (LOW): The skill directs the user to add an external, third-party MCP server (https://rube.app/mcp). While typical for MCP-based skills, this creates a dependency on an external provider for tool logic and execution.
- Dynamic Execution (LOW): The tool ASANA_SUBMIT_PARALLEL_REQUESTS allows the construction of multiple API requests at runtime. While limited to the Asana API scope, it provides a flexible execution surface for potentially malicious instructions if the agent is compromised via indirect injection.
Audit Metadata