hubspot-list-companies
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill uses local paths for script execution and follows a standard configuration check process. No hardcoded credentials or suspicious command patterns are present.\n- [Indirect Prompt Injection] (SAFE): The skill is a data-processing tool that reads from the HubSpot CRM API, creating a potential surface for indirect prompt injection. However, this is inherent to the tool's primary function and no exploitation behavior was found.\n
- Ingestion points: HubSpot company data returned by list_companies.py.\n
- Boundary markers: Not explicitly defined in the skill documentation.\n
- Capability inventory: Execution of local Python scripts to perform read-only CRM operations.\n
- Sanitization: Not explicitly mentioned in the markdown structure; assumed to be handled by the referenced Python scripts.
Audit Metadata