hubspot-get-associations
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes predefined local Python scripts located in
00-system/skills/hubspot/hubspot-master/scripts/to perform CRM queries. - [DATA_EXPOSURE] (SAFE): The skill accesses HubSpot CRM data which is its intended primary purpose. No hardcoded credentials or unauthorized data exfiltration patterns were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection as it processes data from an external CRM.
- Ingestion points: Data returned from HubSpot API via
get_associations.py. - Boundary markers: Absent in the prompt templates.
- Capability inventory: Read-only access to record IDs and association labels; no file-write or system modification capabilities.
- Sanitization: Not explicitly defined in the skill documentation.
Audit Metadata