clickup
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements legitimate ClickUp task management functionality using MCP tools with the clickup prefix. It allows for searching, retrieving, and updating tasks and comments. No malicious patterns, obfuscation, or persistence mechanisms were detected.
- [PROMPT_INJECTION]: The skill retrieves and processes external content such as task descriptions and comments, which constitutes a standard surface for indirect prompt injection. This is an inherent and necessary aspect of task management integrations.
- Ingestion points: The skill retrieves data from ClickUp via clickup_get_task_comments, clickup_search, and clickup_get_task as described in SKILL.md.
- Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the processed data.
- Capability inventory: The skill has the ability to update task statuses and create comments via clickup_update_task and clickup_create_task_comment.
- Sanitization: No explicit data sanitization or validation logic is defined in the skill markdown.
Audit Metadata