clickup-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls ClickUp APIs such as CLICKUP_GET_TASK, CLICKUP_GET_TASKS, and CLICKUP_GET_TASK_COMMENTS which retrieve user-generated task descriptions and comments from a third-party ClickUp workspace that the agent is expected to read and act on, exposing it to untrusted content that could contain indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires an active Rube MCP connection and explicitly instructs adding https://rube.app/mcp as an MCP server — that endpoint is used at runtime to supply tool schemas and execute toolkit actions, which can directly control agent prompts and behavior.