hubspot-log-email
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts (check_hubspot_config.py and log_email.py) using shell commands. This is the intended behavior for the skill's operation but assumes the integrity of the local script environment.
- [PROMPT_INJECTION] (LOW): Potential surface for Indirect Prompt Injection. 1. Ingestion points: Untrusted email data enters via the --subject and --body parameters in SKILL.md. 2. Boundary markers: Absent; input is interpolated directly into shell command arguments. 3. Capability inventory: The skill triggers Python script execution and HubSpot API interactions. 4. Sanitization: No evidence of escaping or validation of user-provided strings before they are passed to the shell.
Audit Metadata