Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/clickup-prod-checklist/Gen Agent Trust Hub

clickup-prod-checklist

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Comprehensive analysis of the skill's instructions and verification script confirms the absence of malicious patterns, obfuscated code, or attempts to bypass agent safety guidelines.- [DATA_EXFILTRATION]: The embedded health verification script performs network requests only to official ClickUp domains (api.clickup.com and status.clickup.com). No unauthorized data exfiltration or credential harvesting patterns were detected.- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection via data ingestion from external APIs.
  • Ingestion points: The verification script reads data from api.clickup.com and status.clickup.com in SKILL.md.
  • Boundary markers: No specific boundary markers are implemented for the fetched data.
  • Capability inventory: The skill is configured to use Bash (curl) and python3 for data retrieval and processing.
  • Sanitization: External data is processed using the Python json module for field extraction, providing a safe method for parsing structured responses.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:05 AM
Security Audit — agent-trust-hub — clickup-prod-checklist