hubspot-list-calls
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts (
check_hubspot_config.py,list_calls.py) to interface with HubSpot CRM. - [PROMPT_INJECTION] (LOW): Vulnerable to Indirect Prompt Injection (Category 8) because it retrieves and displays user-controlled fields from an external CRM. 1. Ingestion points:
hs_call_titleandhs_call_bodyfrom HubSpot engagements. 2. Boundary markers: None provided in the display templates. 3. Capability inventory: Local script execution. 4. Sanitization: No evidence of content filtering or escaping.
Audit Metadata