asana

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl and jq system binaries to interact with the Asana REST API. These operations are restricted to standard API calls and do not perform unauthorized system changes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-controlled data retrieved from an external source.
      • Ingestion points: The skill retrieves task names, notes, and comments via Get task and List tasks operations from Asana's API.
      • Boundary markers: No explicit delimiters or instructions are provided to distinguish between retrieved data and agent instructions.
      • Capability inventory: The skill enables the agent to execute shell commands and modify workspace content.
      • Sanitization: No sanitization or validation is performed on the data returned from the API before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 05:13 AM