clickup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the ClickUp REST API (e.g., GET /task/<task_id>, GET /task/<task_id>/comment and other list endpoints shown in SKILL.md) to read task descriptions, comments and other user-generated fields from a third-party service, which the agent would interpret and which could materially influence subsequent actions.