crm-integration
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified. The skill correctly implements CRM integration patterns using secure coding practices.
- [EXTERNAL_DOWNLOADS]: The skill utilizes well-known and reputable Python packages including
httpx,pyjwt,hubspot-api-client, andpython-dotenv. All API interactions target official, verified CRM endpoints such asapi.close.com, HubSpot, and Salesforce, which are recognized well-known services. - [CREDENTIALS_UNSAFE]: Sensitive information is handled securely via environment variables (e.g.,
os.environ['CLOSE_API_KEY']) and local path configuration for private keys. No hardcoded secrets, keys, or tokens are present in the code or documentation. - [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override agent behavior, bypass safety guardrails, or extract system prompts. While the skill processes external CRM data, it represents a standard operational surface for its intended purpose. 1. Ingestion points: CRM API responses processed in
SKILL.mdandreference/close-deep-dive.md. 2. Boundary markers: Absent. 3. Capability inventory: Network operations viahttpxandhubspot-api-client, and local file access for authentication keys. 4. Sanitization: Not explicitly shown in snippets, but the patterns follow standard API usage.
Audit Metadata