hubspot-list-emails
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill invokes local Python scripts (list_emails.py and check_hubspot_config.py) via shell commands. While this is standard for agent functionality, it relies on the integrity of the local file system.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to indirect prompt injection as it ingests untrusted email subjects and bodies from the HubSpot CRM. 1. Ingestion points: External data enters through hs_email_text and hs_email_subject fields via the list_emails.py script. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill has the ability to execute local subprocesses and read CRM data. 4. Sanitization: No content sanitization or validation is specified in the skill definition.
Audit Metadata