Skills
skills/abdullahbeam/nexus-design-abdullah/hubspot-list-notes/Gen Agent Trust Hub

hubspot-list-notes

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Command Execution (SAFE): The skill executes local Python scripts (list_notes.py, check_hubspot_config.py) to interact with the HubSpot CRM. The execution is standard and uses system-internal paths.
  • Indirect Prompt Injection (LOW): The skill processes data from an external source (HubSpot note bodies) which could contain malicious instructions.
  • Ingestion points: hs_note_body field in the script output.
  • Boundary markers: Absent; output is presented to the user after HTML stripping.
  • Capability inventory: Execution of Python scripts via the terminal.
  • Sanitization: The instructions recommend stripping HTML tags for plain text display, which provides basic formatting sanitization.
  • Data Exposure (SAFE): Accesses HubSpot CRM note data as part of its primary function. No evidence of unauthorized data exfiltration or hardcoded credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:13 PM