hubspot-log-call
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface. \n
- Ingestion points: Untrusted user input is accepted for the '--title' and '--body' parameters in the 'log_call.py' script. \n
- Boundary markers: The skill definition lacks delimiters or specific instructions for the agent to sanitize or escape special characters in user-provided text. \n
- Capability inventory: The skill utilizes command-line execution of local Python scripts, which could be exploited if inputs contain shell metacharacters. \n
- Sanitization: No sanitization logic is described in the skill metadata; security depends entirely on the implementation of the underlying Python scripts. \n- COMMAND_EXECUTION (SAFE): The skill executes specific local scripts ('check_hubspot_config.py' and 'log_call.py') located within a structured system directory. This is standard and expected behavior for this type of integration.
Audit Metadata