asana
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
@membranehq/clipackage from the NPM registry to enable interaction with the Membrane platform. - [COMMAND_EXECUTION]: It uses the
membraneCLI to perform authentication and execute Asana API actions through pre-built actions or direct proxy requests. - [PROMPT_INJECTION]: The skill processes data from Asana, presenting an indirect prompt injection surface.
- Ingestion points: Records such as tasks, projects, and comments are retrieved via the Asana API (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are used to separate external data from system instructions.
- Capability inventory: The agent has the ability to run actions (
membrane action run) and make arbitrary API requests (membrane request) through the CLI. - Sanitization: No sanitization or content validation is performed on the ingested data.
Audit Metadata