Asana Automation

SUSPICIOUS. The stated purpose matches project-management automation, and there are no explicit malicious commands, downloads, or exfiltration endpoints. However, the core execution dependency `project-mcp` is an undocumented, unverifiable intermediary with unclear provenance and unclear data routing, which is disproportionate for a skill that could otherwise describe direct official Asana API use. Main risk is trust and opacity, not confirmed malware.