hubspot-list-deals
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill invokes local Python scripts located in
00-system/skills/hubspot/to perform its primary function of listing CRM deals. This is the intended behavior and does not represent a security risk. - [Indirect Prompt Injection] (LOW): The skill processes and displays data (deal names, amounts) from the HubSpot CRM, which could be populated with malicious instructions by an external actor. 1. Ingestion points: External data enters the agent context via HubSpot API responses processed by
list_deals.py. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the display format. 3. Capability inventory: The skill is limited to listing deals and checking configuration. 4. Sanitization: There is no evidence of sanitization or escaping for properties likedealnamebefore they are interpolated into the display output.
Audit Metadata