Asana

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Asana integration that uses Membrane to manage Asana data, including write and delete actions that users should handle carefully.

Install only if you trust Membrane as an intermediary for your Asana data. Connect the least-privileged Asana account or workspace that fits your needs, prefer listed Membrane actions over raw proxy requests, and require explicit confirmation before creating, updating, deleting, or sending POST/PATCH/DELETE API requests.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly documents destructive operations such as deleting tasks and projects without any warning, confirmation guidance, or guardrails. In an agentic context, exposing destructive actions as routine capabilities increases the risk of accidental or unauthorized data loss, especially if the model executes user requests ambiguously or too eagerly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal