The Agent Skills Directory

[DATA_EXFILTRATION]: The skill interacts with the official HubSpot API at api.hubapi.com to retrieve and update record properties. While it handles sensitive CRM data, all network operations are directed to the well-known service infrastructure required for the skill's stated purpose.
[COMMAND_EXECUTION]: The provided Python scripts (before.py, execute.py, and after.py) are used for data auditing and batch processing. These scripts utilize the standard requests library for API communication and do not contain patterns for arbitrary shell execution or suspicious subprocess calls.
[CREDENTIALS_UNSAFE]: The skill documentation correctly instructs the user to store the HubSpot access token in a .env file, which follows established best practices for local environment configuration and secret management.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes data from an external CRM. * Ingestion points: HubSpot contact and company property values (specifically 'country' and 'state') ingested via search API calls in all script files. * Boundary markers: None; the data is processed directly without delimiters or instructions to the agent to ignore embedded commands. * Capability inventory: The skill has the ability to read and update HubSpot CRM records and write audit logs to the local file system. * Sanitization: While the execution script maps abbreviations to fixed strings, the audit and verification scripts reflect raw CRM values back to the agent context, and error responses from the API are printed without sanitization.

standardize-geo-values