hubspot-create-note
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill relies on shell command execution to invoke local Python scripts with parameters derived from user input. Evidence: SKILL.md documentation shows usage of
python scripts/create_note.py --body "...". Risk: If the agent execution environment does not correctly quote or escape the--bodycontent, an attacker could potentially execute arbitrary commands using shell metacharacters. - [Indirect Prompt Injection] (LOW): The skill exhibits an attack surface for indirect prompt injection. 1. Ingestion points: User-provided note content is ingested via the
--bodyparameter in SKILL.md. 2. Boundary markers: None; there are no delimiters or instructions provided to the LLM to ignore instructions within the body content. 3. Capability inventory: The skill utilizes subprocess execution ofcreate_note.pyto interact with a production CRM. 4. Sanitization: No sanitization or validation mechanisms are described or enforced in the skill instructions.
Audit Metadata