clickup-hello-world

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to call ClickUp API endpoints (e.g., GET https://api.clickup.com/api/v2/team and the /space, /list, /folder, /task endpoints) to retrieve workspace/space/list/task data—which is user-generated third‑party content the agent reads and uses (IDs/names) to drive subsequent actions—so untrusted content could influence behavior.