hubspot-core-workflow-b
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8). The skill retrieves data from external HubSpot form submissions and CRM objects, which creates an entry point for attacker-controlled instructions.
- Ingestion points: Data enters the agent's context through
getFormSubmissions,searchCRM, andclient.crm.tickets.basicApi.getById. - Boundary markers: There are no delimiters or explicit instructions provided to the agent to disregard instructions embedded within the retrieved data.
- Capability inventory: The skill allows the agent to perform write actions such as
createTicket,createFollowUpTask, andaddToListbased on processed information. - Sanitization: No content filtering or validation is performed on the data fetched from the HubSpot API before it is processed by the agent.
Audit Metadata