Skills
skills/aaaaqwq/agi-super-team/clickup-automation/Gen Agent Trust Hub

clickup-automation

Warn

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the configuration of a remote MCP server at https://rube.app/mcp. This delegates tool execution and data handling to an external service provider that is not included in the trusted vendors list.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from ClickUp objects.
  • Ingestion points: The tools CLICKUP_GET_TASK, CLICKUP_GET_TASKS, and CLICKUP_GET_TASK_COMMENTS retrieve data (descriptions, comments) that can be controlled by external users or third-party integrations.
  • Boundary markers: Absent. The skill instructions do not provide delimiters or guidance for the agent to distinguish between its own instructions and data retrieved from ClickUp.
  • Capability inventory: The skill possesses capabilities to create, modify, and delete tasks (CLICKUP_CREATE_TASK, CLICKUP_UPDATE_TASK, CLICKUP_DELETE_TASK), and manage comments.
  • Sanitization: Absent. There is no mention of sanitizing, escaping, or validating the data retrieved from ClickUp before it enters the agent's context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 13, 2026, 06:57 AM