hubspot-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it retrieves and processes data from external HubSpot records which may contain adversarial content.
- Ingestion points: Data enters the agent's context through tools such as
HUBSPOT_SEARCH_TICKETS,HUBSPOT_GET_DEAL, andHUBSPOT_SEARCH_CONTACTS_BY_CRITERIAas defined inSKILL.md. - Boundary markers: The skill does not implement delimiters or explicit instructions for the agent to ignore potentially malicious commands embedded within the CRM data.
- Capability inventory: The skill has broad capabilities to modify the CRM environment, including creating contacts (
HUBSPOT_CREATE_CONTACT), updating companies (HUBSPOT_UPDATE_COMPANIES), and managing property schemas. - Sanitization: No sanitization, validation, or filtering of the incoming CRM data is specified in the skill's instructions.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to configure an external MCP server at
https://rube.app/mcp. This represents a dependency on an unverified third-party service that is not recognized as a well-known or trusted provider in the current analysis context.
Audit Metadata