callable-lead-count
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs expected lead management functions without malicious behavior.
- [DATA_EXFILTRATION]: The skill retrieves contact details, including phone numbers, from HubSpot. This exposure is limited to its core functionality of identifying callable prospects.
- [COMMAND_EXECUTION]: The skill writes performance metrics to a local JSON file in the
~/.claude/skill-analytics/directory. - [PROMPT_INJECTION]: The skill processes job titles from HubSpot which may contain untrusted data. (1) Ingestion points: HubSpot jobtitle field. (2) Boundary markers: Not implemented. (3) Capability inventory: Report generation and writing a local log file. (4) Sanitization: Not implemented. The static keyword matching used for classification presents a low security risk.
Audit Metadata