clickup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests ClickUp user-generated content (e.g., "List Task Comments", "Get Task" in SKILL.md and via Membrane proxy requests) so third-party comments or task text from ClickUp could be read and influence subsequent actions, enabling indirect prompt injection.