hubspot-revops-skill
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The enrichment pipeline reference code utilizes joblib.load() to deserialize machine learning models and encoders. This loading mechanism is based on pickle and is inherently unsafe as it can be leveraged to execute arbitrary code if the .pkl files are modified or replaced by a malicious actor.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by design as it ingests and processes untrusted data from HubSpot CRM and SQL warehouse tables.
  - Ingestion points: Data enters the agent context from the HubSpot contacts, companies, deals, and engagements tables during analytics workflows.
  - Boundary markers: No specific delimiters or instructions to ignore instructions embedded within the CRM data are present in the provided templates.
  - Capability inventory: The skill possesses extensive capabilities including CRM write access, network operations via the requests library, and the use of third-party enrichment tools.
  - Sanitization: There is no evidence of string sanitization or validation for data retrieved from external sources before it is processed by the AI agent.
Audit Metadata