Skills
skills/vm0-ai/vm0-skills/asana/Gen Agent Trust Hub

asana

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and command patterns revealed no malicious behavior. The skill is designed for routine task and project management within Asana.
  • [COMMAND_EXECUTION]: The skill utilizes curl and jq to perform standard REST API operations.
  • Evidence: The commands provide functionality for listing, creating, and updating resources (tasks, projects, etc.) via shell blocks in SKILL.md.
  • [DATA_EXFILTRATION]: The ASANA_TOKEN secret is used solely for authenticating requests to the official service provider.
  • Evidence: The secret is accessed via $(printenv ASANA_TOKEN) and placed in the Authorization: Bearer header of curl requests.
  • [EXTERNAL_DOWNLOADS]: Network communication is restricted to the service's official domain.
  • Evidence: All API requests target https://app.asana.com, which is the well-known and official domain for the Asana platform.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 05:13 PM