clickup
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions in README.md specify installing the
@discountry/clickup-clipackage and adding the skill from the author's GitHub repository. These are documented as vendor-owned resources. - [COMMAND_EXECUTION]: The skill operates by executing system commands through the global
clickupCLI as described in SKILL.md. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its interaction with external content from ClickUp.
- Ingestion points: The agent processes external data when reading task details, comments, and documents through commands such as
get,comments,doc, andpage(SKILL.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the logic to protect the agent from malicious content within ClickUp data.
- Capability inventory: The skill possesses significant write capabilities, including posting comments (
comment), creating tasks (create), and editing page content (edit-page), which could be misused if the agent is manipulated (SKILL.md). - Sanitization: No explicit sanitization or validation of the external content is performed before it is added to the agent's context.
Audit Metadata