hubspot-list-contacts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection from external data. Malicious instructions could be placed within HubSpot contact fields (e.g., first name, email) to influence agent behavior.
- Ingestion points: Data returned from list_contacts.py in fields such as email, firstname, lastname, and company.
- Boundary markers: Absent. The instruction set does not provide delimiters or 'ignore' instructions for the agent when rendering the contact list.
- Capability inventory: The agent has the capability to execute Python scripts via the shell.
- Sanitization: No sanitization or validation of the fetched contact data is mentioned in the skill definition.
- [COMMAND_EXECUTION] (SAFE): The skill executes local Python scripts located in 00-system/skills/hubspot/. This is the intended mechanism for the skill's functionality and does not involve arbitrary or unsanitized user input in the command line beyond standard pagination cursors.
Audit Metadata