hubspot-audit

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for their HubSpot private API token and store it in .env (and includes an example token string), which requires the LLM to receive and embed the secret verbatim — an exfiltration risk.