hubspot-data-handling

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the official HubSpot SDK (@hubspot/api-client) to facilitate interactions with CRM and privacy endpoints. This is standard practice for the stated functionality.
  • [DATA_EXPOSURE]: The skill is designed to handle and export Personally Identifiable Information (PII) specifically for GDPR/CCPA compliance. It proactively addresses data exposure risks by providing a redactContactForLogging utility and promoting data minimization (only fetching required fields) as a core pattern.
  • [INDIRECT_PROMPT_INJECTION]: The skill interacts with external data sourced from HubSpot CRM records, which could potentially contain malicious instructions.
      • Ingestion points: Untrusted data enters the agent context via API calls in exportContactData and createContactWithConsent in SKILL.md.
      • Boundary markers: Not explicitly defined in the prompts, but the skill emphasizes structured data handling.
      • Capability inventory: The skill uses Read, Write, and Edit tools to perform operations and manage HubSpot data.
      • Sanitization: The skill provides redaction logic and minimization patterns to limit the processing of untrusted content to necessary fields only.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 25, 2026, 04:41 PM