hubspot

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Data Exfiltration] (MEDIUM): The skill instructs the agent to read from ~/.claude/.env.global to retrieve credentials. While this is a standard configuration path for certain agent environments, it involves accessing a sensitive file containing secrets.
  • [Command Execution] (SAFE): The skill uses curl to interact with the legitimate HubSpot API at https://api.hubapi.com for CRM and CMS management.
  • [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes untrusted data from HubSpot records.
      • Ingestion points: CRM contact, deal, company properties, and CMS page content retrieved via API calls in SKILL.md.
      • Boundary markers: Absent; there are no instructions to the agent to distinguish between system logic and external data.
      • Capability inventory: curl network access and file write capabilities.
      • Sanitization: Absent; the skill lacks specific validation or escaping of the ingested CRM content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:10 PM