clickup-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill ingests untrusted data from the ClickUp API which could contain malicious instructions designed to manipulate the agent behavior.\n
- Ingestion points: Task content retrieved through
getTasksandsearchTasksfunctions inSKILL.md.\n - Boundary markers: Absent; there are no delimiters or warnings to the agent to ignore instructions within the task data.\n
- Capability inventory: The skill has access to
Write,Edit, andBashtools, which increases the potential impact of a successful injection.\n - Sanitization: No explicit sanitization or validation of the external content is shown in the provided implementation examples.
Audit Metadata