quarterly-database-cleanup
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists of audit checklists and procedural instructions for generating CRM health reports without any malicious commands or persistence mechanisms.
- [EXTERNAL_DOWNLOADS]: The skill requires the
hubspot-api-clientPython library, which is the official and well-known package for interacting with the HubSpot platform. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes external data from a CRM and local report files.
- Ingestion points: HubSpot API data records and previous quarterly reports stored in the
reports/directory (SKILL.md). - Boundary markers: No explicit delimiters or system instructions are provided to the agent to distinguish between its instructions and the data being processed.
- Capability inventory: The skill requires read/write access to the local file system for report generation and network access for API data retrieval (SKILL.md).
- Sanitization: No specific data validation or sanitization steps are defined for the ingested CRM content.
Audit Metadata