The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill executes Python scripts located in the 00-system/skills/hubspot/ directory. This pattern is common for agent tools but assumes the local environment and scripts are secure and properly configured.
[PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface identified (Category 8). The skill retrieves and displays company names and properties from an external CRM (HubSpot), which could be manipulated by an attacker to include instructions that influence the agent's subsequent behavior. Ingestion points: HubSpot API response fields (name, domain, industry). Boundary markers: None identified in the markdown formatting. Capability inventory: Execution of local scripts. Sanitization: No sanitization or output validation steps are documented in the skill instructions.

hubspot-search-companies