clickup-debug-bundle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md scripts and programmatic diagnostics explicitly fetch and parse live data from third-party endpoints (https://api.clickup.com/api/v2/user and /team, and https://status.clickup.com/api/v2/summary.json) and use the returned JSON and headers (user/team fields, auth and rate-limit status) to drive diagnostics/behavior, so untrusted external content could materially influence agent decisions.