hubspot-audit
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from an external HubSpot CRM (contacts, deals, and engagement records) and rendering it into audit reports or using it to generate new skill definitions.
  - Ingestion points: Data is retrieved via the HubSpot Search API within the 'scripts/audit_portal.py' script.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the report generation or skill creation steps.
  - Capability inventory: The skill has the capability to write files (scripts, reports, and SKILL.md files), perform network operations, and execute Git commands (fork, push, and pull request).
  - Sanitization: There is no mention of sanitizing, escaping, or validating external content before it is processed or written to output files.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands for environment setup and the running of a locally generated audit script. Evidence includes commands such as 'mkdir -p reports', 'uv pip install hubspot-api-client python-dotenv', and 'python scripts/audit_portal.py'.
- [DATA_EXFILTRATION]: The skill accesses highly sensitive CRM data, including PII and business metrics. While the defined workflow saves these findings to local markdown reports, the inherent capability to query and process this sensitive data represents a significant access footprint.