asana-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists solely of markdown-based documentation and YAML metadata. No executable scripts (Python, Node.js, or Shell) are included.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface (Category 8) detected because the skill reads external, potentially untrusted data. Ingestion points: ASANA_GET_A_TASK, ASANA_SEARCH_TASKS_IN_WORKSPACE, and ASANA_GET_TASKS_FROM_A_PROJECT. Boundary markers: None present. Capability inventory: ASANA_CREATE_A_TASK, ASANA_SUBMIT_PARALLEL_REQUESTS, and ASANA_CREATE_A_PROJECT. Sanitization: None specified. Malicious instructions placed in Asana task titles or notes could influence the agent's subsequent actions.
Audit Metadata