clickup
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from the ClickUp API (such as task names and descriptions) which could contain malicious instructions meant to influence the agent.\n
- Ingestion points:
scripts/clickup-query.shand documentation examples retrieve data from API endpoints like/team/{team_id}/taskand/task/{task_id}.\n - Boundary markers: The skill does not implement delimiters or 'ignore' instructions when processing or displaying task content.\n
- Capability inventory: The skill has permissions to read, create, and update tasks and workspace structures via the ClickUp REST API.\n
- Sanitization: No content filtering or escaping is applied to the data retrieved from the API before it is presented to the agent context.
Audit Metadata