hubspot-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to add a remote MCP server endpoint (
https://rube.app/mcp). This domain is not included in the 'Trusted External Sources' list. Connecting to unverified external endpoints allows the remote server to define the tools and logic the agent executes, which could change without notice. - PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface. It retrieves and processes potentially untrusted data from HubSpot CRM objects which could contain malicious instructions.
- Ingestion points: HubSpot records including contact properties, ticket descriptions, and deal notes (via
HUBSPOT_GET_TICKET,HUBSPOT_SEARCH_CONTACTS_BY_CRITERIA, etc.). - Boundary markers: None specified in the instructions to delimit external data from system prompts.
- Capability inventory: High-impact CRM operations including creating, updating, and deleting records across contacts, deals, and properties.
- Sanitization: No mention of sanitizing or escaping property values before they are used in downstream logic.
Audit Metadata