skills/jeremylongshore/claude-code-plugins-plus-skills/clickup-reference-architecture/Gen Agent Trust Hub
clickup-reference-architecture
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a structural guide and reference for ClickUp API v2 integrations. It provides architectural diagrams, endpoint documentation, and TypeScript code snippets for managing tasks, custom fields, and time tracking. No executable scripts or automated tasks are included.
- [EXTERNAL_DOWNLOADS]: The resource section contains links to official ClickUp developer documentation and API references. These target a well-known and trusted service provider.
- [PROMPT_INJECTION]: The skill outlines patterns for processing data retrieved from ClickUp (e.g., task details, field values). While this defines a surface for indirect prompt injection if the source data is attacker-controlled, the risk is inherent to the integration use-case and the skill provides standard architectural guidance.
- Ingestion points: Data ingested from ClickUp API endpoints (e.g.,
/list/{id}/field,/team/{id}/time_entries). - Boundary markers: Not explicitly defined in the provided architectural examples.
- Capability inventory: The patterns document read/write access to ClickUp tasks, custom fields, goals, and time entries.
- Sanitization: Standard architectural logic is provided; specific sanitization of external string data is not detailed in the code snippets.
Audit Metadata