data-enrichment
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts to automate data processing and CRM interactions. It constructs commands using variables in loops, such as
hubspot objects search --type contacts "${args[@]}". While the variables are quoted to prevent simple argument injection, the execution of shell commands based on external file content is a core behavior. - [DATA_EXFILTRATION]: The skill reads records from local CSV and JSONL files and transmits this data to the HubSpot CRM via the
hubspotCLI. This data movement represents the intended functionality of a vendor-authored data enrichment skill. - [PROMPT_INJECTION]: There is a potential for indirect prompt injection because the skill ingests and processes untrusted data from external sources.
- Ingestion points:
external.csv,external.jsonl,emails.txtare processed from the local filesystem. - Boundary markers: No explicit delimiters or instructions are used to separate user data from command context within the agent's reasoning.
- Capability inventory: The skill utilizes
hubspot objects upsert,hubspot objects search, andhubspot objects updatewhich have write access to CRM data. - Sanitization: The skill employs
jqto reshape and validate data before passing it to CLI tools, providing a layer of structural validation.
Audit Metadata