You report a compromised key — with your confirmation the scenario deactivates it in Asana, audits the permissions, applies a restriction and reports to Twake.