asana

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill stores sensitive OAuth information, including the Client Secret and access/refresh tokens, in plain-text JSON files located at ~/.clawdbot/asana/credentials.json and ~/.clawdbot/asana/token.json respectively.
  • [DATA_EXFILTRATION]: The skill makes network requests to the official Asana API at app.asana.com to manage workspaces and tasks. These operations are essential for the skill's primary function but involve transmitting user data to an external service.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the Asana API.
      • Ingestion points: The asana_api.mjs script retrieves task names, notes, and comments from the external Asana service.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are used when retrieving and displaying data from Asana.
      • Capability inventory: The skill has permissions to write configuration files to the local file system and perform authenticated network requests to the Asana API.
      • Sanitization: There is no sanitization of the content fetched from Asana before it is presented to the agent, allowing potential instructions inside task fields to be treated as high-priority commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 11:28 PM