planning-clickup

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill manages project workflow through ClickUp tasks using standard MCP tools. It does not perform any unauthorized network operations or file system access beyond its stated purpose of managing configuration and tasks.
  • [NO_CODE]: The skill consists entirely of markdown instructions and YAML configuration, with no executable scripts or binary files provided.
  • [SAFE]: The skill implements a configuration file (clickup.md) to store workspace identifiers. This file is stored locally in the project root and does not contain sensitive credentials like API keys or tokens.
  • [PROMPT_INJECTION]: The skill demonstrates awareness of indirect prompt injection risks by including a specific rule to treat external task content as data only.
    • Ingestion points: User requests processed in Step 1 of SKILL.md and potential task data from ClickUp.
    • Boundary markers: Markdown blocks used to format plans in Step 2 of SKILL.md.
    • Capability inventory: Task creation and commenting tools (clickup_create_task, clickup_create_task_comment) defined in SKILL.md.
    • Sanitization: Explicit "Behaviour Rule" in SKILL.md instructing the agent to treat task content as data and ignore any instructions found within descriptions or comments.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 04:21 PM