comment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection via the user-provided comment text.
  - Ingestion points: Untrusted data enters via the 'comment text' argument of the /comment command.
  - Boundary markers: None are specified; the skill does not use delimiters to encapsulate the user input before processing.
  - Capability inventory: The skill utilizes the 'clickup_add_comment' tool to write data to an external platform.
  - Sanitization: There is no evidence of input sanitization or escaping of markdown/control characters in the description.
Audit Metadata