hubspot-leadgenius
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes multiple Python scripts, such as scripts/lg_full_to_hs.py and scripts/lg_api_to_hs.py, which are intended to be run by the user to automate lead migration and synchronization workflows.
- [EXTERNAL_DOWNLOADS]: The integration communicates with official API endpoints for LeadGenius (api.leadgenius.app) and HubSpot (api.hubapi.com) to transfer contact information and AI insights. Both target domains represent well-known services.
- [CREDENTIALS_UNSAFE]: The documentation instructs the user to store high-privilege credentials, including standard API keys and administrative bypass tokens (X-Admin-Key), in a local .env file. This is consistent with best practices for script-based automation and does not represent an inherent vulnerability within the skill's code.
Audit Metadata