hubspot
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses
python3 -cto execute small scripts for interacting with the HubSpot API. This is expected behavior for a CLI-based CRM tool. - [PERSISTENCE] (SAFE): The documentation suggests adding the
HUBSPOT_ACCESS_TOKENto~/.zshrc. While this involves modifying a shell profile, it is a transparent and standard method for persisting environment variables required for the skill to function. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill retrieves records (contacts, companies, deals) from an external CRM. There is a theoretical risk that malicious content within those records could influence the agent's behavior.
- Ingestion points: Data retrieved via
hubspot-api-client(e.g.,client.crm.contacts.basic_api.get_page). - Boundary markers: None; the examples print raw properties directly to the console.
- Capability inventory: The skill is limited to reading data and printing it to standard output via Python subprocess calls.
- Sanitization: No sanitization or escaping of the retrieved CRM data is performed before it is output to the agent's context.
Audit Metadata