clickup-performance-tuning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md shows the agent fetching and processing user-generated ClickUp data (e.g., GET /list/{id}/task via cachedRequest and paginateTasks, plus webhook payload handling in the /webhooks/clickup endpoint), so untrusted third-party task/webhook content could influence processing and subsequent actions.