clickup-multi-env-setup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt embeds literal API tokens in example .env files and in CLI/secret-manager commands that pass secret strings verbatim (e.g., --body "pk_stg_...", aws/gcloud/vault examples), so an agent would be expected to handle or reproduce secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill makes runtime requests to the public ClickUp API (e.g., the verify-clickup-env.sh curl call to https://api.clickup.com/api/v2/user and the clickupRequest calls in deleteCompletedTasks that fetch tasks), so it ingests untrusted third‑party/user content from ClickUp which is then parsed and used to drive actions like deletions.