clickup
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard system utilities, specifically
curlandjq, to perform REST API requests and process JSON responses. These operations are restricted to the intended purpose of managing ClickUp resources. - [PROMPT_INJECTION]: The skill ingests untrusted data from an external source (ClickUp task names, descriptions, and comments). This creates an indirect prompt injection surface where malicious instructions embedded in ClickUp data could attempt to influence the agent's behavior. However, the risk is low as the skill uses
jqto extract specific fields and lacks dangerous execution sinks (likeevalorsudo) for the processed data. - [DATA_EXFILTRATION]: All network operations are directed to the official ClickUp API domain (
api.clickup.com). No evidence of data exfiltration to unauthorized third-party domains was found. - [CREDENTIALS_UNSAFE]: The skill correctly manages authentication by using the
CLICKUP_TOKENenvironment variable, which is injected via the platform's secret management system. There are no hardcoded credentials.
Audit Metadata