clickup-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where untrusted data from ClickUp enters the agent context. 1. Ingestion points: CLICKUP_GET_TASK, CLICKUP_GET_TASKS, and CLICKUP_GET_TASK_COMMENTS (SKILL.md). 2. Boundary markers: None present. 3. Capability inventory: Subprocess-like tool calls for task creation, updates, and deletion (SKILL.md). 4. Sanitization: No sanitization or filtering of external task content is mentioned. The risk is low because the skill does not explicitly instruct the agent to obey commands found in task content.
- [EXTERNAL_DOWNLOADS]: The skill requires connecting to an external MCP server (https://rube.app/mcp) to provide the ClickUp toolkit. This is a functional requirement for the skill and is documented as a setup step.
- [SAFE]: No patterns of data exfiltration, obfuscation, privilege escalation, or persistence were detected in the skill instructions or metadata.
Audit Metadata