asana

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Prompt Injection] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: The skill ingests untrusted data from Asana API resources such as Tasks, Project Briefs, and Stories.
      2. Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore instructions embedded in the data.
      3. Capability inventory: Broad write/delete permissions for Tasks, Projects, Portfolios, and Webhooks.
      4. Sanitization: None defined; the skill lacks procedures to validate or escape external content.
  • [External Downloads] (MEDIUM): The skill references an external OpenAPI spec from an untrusted GitHub repository (Asana/openapi).
  • [External Downloads] (HIGH): Automated scanners identified malicious phishing content within the skill's reference documentation (specifically 'Teams.md'), posing a significant risk of credential theft or data exposure if accessed by the agent or presented to the user.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:10 AM