skills/jeremylongshore/claude-code-plugins-plus-skills/clickup-migration-deep-dive/Gen Agent Trust Hub
clickup-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes project data (task names, descriptions, labels) from external sources like Jira, Asana, and Trello. This creates a surface for indirect prompt injection if the source content contains malicious instructions intended to influence the agent during the migration process.
  - Ingestion points: Task data is fetched via the ClickUp API in the `cloneListBetweenWorkspaces` function.
  - Boundary markers: There are no specific delimiters or instruction overrides used when interpolating external task data into ClickUp API requests.
  - Capability inventory: The skill allows the use of `Write`, `Edit`, and `Bash` tools, which could be misused if an indirect injection is successful.
  - Sanitization: The skill uses standard `JSON.stringify` to format data for API requests, which prevents structural corruption but does not filter natural language instructions.
- [DATA_EXFILTRATION]: The skill performs network operations to `api.clickup.com` to fetch and create project data. This involves the use of authentication tokens (`sourceToken`, `destToken`). These operations are consistent with the skill's primary purpose of workspace-to-workspace migration and target a well-known service.
Audit Metadata