clickup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and returns user-generated ClickUp content (tasks, documents, chat messages, comments) via tools such as clickup_search, clickup_get_task_comments, and clickup_get_document_pages as documented in SKILL.md and implemented in app.py, so untrusted third-party content from the workspace can be read and could influence the agent's actions.