asana
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill documentation suggests interpolating user-provided inputs directly into shell commands, which creates a surface for indirect prompt injection or command manipulation.
  - Ingestion points: project_name, workspace_name, and task_list fields in SKILL.md.
  - Boundary markers: None provided in the command templates.
  - Capability inventory: Execution of the refly CLI tool with input payloads.
  - Sanitization: No evidence of input validation or shell escaping instructions for the agent.
- [No Code] (SAFE): The skill does not bundle any executable scripts (Python, Node.js, Shell) or binaries, relying entirely on the host environment's existing tools and CLI instructions.