hubspot-revops-skill

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from HubSpot CRM fields, which constitutes an indirect prompt injection surface.
      • Ingestion points: Data is pulled from contacts, companies, and deals (e.g., closed_lost_reason in reference/sql-analytics.md).
      • Boundary markers: The processing logic does not implement specific delimiters to isolate external text.
      • Capability inventory: The skill has the ability to write enriched data and scores back to the HubSpot API (reference/api-guide.md).
      • Sanitization: No explicit filtering or sanitization of ingested string data is performed prior to processing.
  • [REMOTE_CODE_EXECUTION]: The implementation uses joblib for model persistence, which involves unsafe deserialization.
      • Evidence: joblib.load("lead_scoring_model.pkl") is used in reference/enrichment-pipelines.md to load the predictive model.
      • Context: While joblib is the standard for scikit-learn model storage, it is based on the pickle protocol, which can execute arbitrary code during deserialization. The risk is minimized as the skill is designed to train and load models locally within the same pipeline.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:12 PM