Asana Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its integration with external services like GitHub and Slack.
  - Ingestion points: External data enters the agent context via GitHub issues (issue.title, issue.body) and Slack notifications (task.name).
  - Boundary markers: The skill lacks explicit delimiters or 'ignore' instructions for the interpolated external data in its automation rules.
  - Capability inventory: The skill can create, update, and search Asana tasks and sections using the project-mcpserver.
  - Sanitization: There is no evidence of sanitization or filtering of external input before it is used in Asana automation actions.
Audit Metadata