asana
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/execute_action.pyusessubprocess.runto execute other scripts within the skill. It utilizes a hardcoded list of valid scripts and passes arguments as a list, minimizing the risk of arbitrary command injection. - [PROMPT_INJECTION]: The skill contains a directive to the agent to execute actions 'outside of the sandbox'. This is a request to bypass environment security restrictions, typically to allow the network access required for the Asana API.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from the Asana API.
- Ingestion points: Content such as task names, notes, and comments are fetched from Asana in
scripts/get_task.py,scripts/list_tasks.py,scripts/search_tasks.py, andscripts/my_tasks.py. - Boundary markers: There are no markers or instructions provided to the agent to prevent it from following commands that might be embedded in task data retrieved from external sources.
- Capability inventory: The skill allows for writing data back to Asana (
create_task,update_task,add_comment) and executing local Python scripts through the dispatcher. - Sanitization: The skill uses
argparsefor command-line arguments but does not implement sanitization or escaping for the data retrieved from the API before it is presented to the agent's context.
Audit Metadata