Skills
skills/tomgranot/hubspot-admin-skills/create-segment-lists/Gen Agent Trust Hub

create-segment-lists

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill uses the official HubSpot Python SDK for legitimate CRM list management tasks.
  • [SAFE]: The implementation follows secure credential management by using environment variables (.env) to store the HubSpot API token.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by using user-provided input to define HubSpot segment criteria.
  • Ingestion points: Data collected from the user during the 'Gather Requirements' interview (Q1 and Q2).
  • Boundary markers: None; there are no instructions for the agent to use delimiters or ignore embedded commands in user input.
  • Capability inventory: The skill can create and modify dynamic lists in the HubSpot CRM via API calls.
  • Sanitization: None; user-supplied segment names and criteria are used directly in API request payloads without validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 04:21 AM