portfolio-deal-linker

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs its stated function of automating portfolio updates based on HubSpot and Gmail data. No malicious behavior such as prompt injection, unauthorized data exfiltration, or remote code execution was found.
  • [DATA_EXPOSURE]: The skill accesses sensitive CRM and email data via HubSpot and Gmail MCP tools. This data is used locally to update a portfolio file and generate reports; there is no evidence of data being exfiltrated to unauthorized third-party domains.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from HubSpot deal notes and Gmail message history, which are untrusted sources.
      • Ingestion points: HubSpot deal notes/activity via hubspot_get_deal and Gmail message content via gmail_search_messages.
      • Boundary markers: None identified in the workflow instructions.
      • Capability inventory: Local file writes (portfolio.jsonl, last-run.json) and metric calculations. No arbitrary command execution or external network requests are present.
      • Sanitization: No specific sanitization or filtering of the ingested text is described. While this represents a vulnerability surface for indirect prompt injection, the lack of dangerous capabilities (e.g., shell access) limits the potential impact to localized data corruption in the portfolio file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:11 PM