Skills
skills/manojbajaj95/gtm-skills/hubspot-crm/Gen Agent Trust Hub

hubspot-crm

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Detected an indirect prompt injection surface (Category 8) where untrusted input is processed.
  • Ingestion points: The emails list and list_name parameters in the upload_users_to_hubspot function (SKILL.md).
  • Boundary markers: Absent. The skill interpolates these variables directly into JSON payloads for API requests without using delimiters or instruction-isolation markers.
  • Capability inventory: The skill performs network write operations (POST and PUT requests) to the HubSpot CRM API using urllib.request.
  • Sanitization: Absent. There is no validation or escaping logic applied to the input strings before they are transmitted to the external service.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 03:51 PM