hubspot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (HIGH): High risk of indirect prompt injection (Category 8). The skill ingests untrusted data from multiple input fields and possesses write capabilities in a sensitive CRM environment.
- Ingestion points:
contact_email,contact_name,company_name,deal_name, anddeal_amountfields defined inSKILL.md. - Boundary markers: Absent. There are no instructions to the agent to treat this data as untrusted or to ignore embedded commands.
- Capability inventory: Capability to create and modify HubSpot contacts, deals, and pipelines.
- Sanitization: No input sanitization or validation mechanisms are documented, which could allow malicious instructions to be persisted in CRM records and executed by downstream agents or automated processes.
- External Downloads (MEDIUM): Installation of unverifiable dependencies (Category 4). The skill is distributed via a platform-specific ID from an unknown author.
- Evidence: Installation command
refly skill install skp-u0mohd5c6uier9grwe0nqrdrinREADME.md. - Risk: The underlying code is opaque and cannot be audited for safety, and the author 'chizblank' is not within the trusted scope.
Recommendations
- AI detected serious security threats
Audit Metadata