asana
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's setup instructions require installing and running an unverified third-party npm package (@roychri/mcp-server-asana) via npx. Unless the invocation pins an exact version, npx fetches whatever version is currently published on the registry, so the code that runs is not fixed at the time the skill is reviewed.
- [REMOTE_CODE_EXECUTION]: Running @roychri/mcp-server-asana via npx executes code from a publisher who is not on the trusted vendors list, with the same privileges as the agent host.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data ingested from the Asana API.
- Ingestion points: Task names, notes, and comments are retrieved via the Asana API and the asana Python script; any Asana user who can edit a task the agent reads can place text in these fields.
- Boundary markers: None; the script and MCP server return task content as raw text, so an agent may mistake instructions embedded in a task for instructions from the user.
- Capability inventory: The skill can create, modify, and comment on tasks, so an attacker-controlled task can steer the agent into writing back to Asana, not only into misreporting.
- Sanitization: No content validation or sanitization is applied to data fetched from external Asana projects.
Audit Metadata