data-enrichment

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell scripts to automate data processing and CRM interactions. It constructs commands using variables in loops, such as hubspot objects search --type contacts "${args[@]}". While the variables are quoted to prevent simple argument injection, the execution of shell commands based on external file content is a core behavior.
  • [DATA_EXFILTRATION]: The skill reads records from local CSV and JSONL files and transmits this data to the HubSpot CRM via the hubspot CLI. This data movement represents the intended functionality of a vendor-authored data enrichment skill.
  • [PROMPT_INJECTION]: There is a potential for indirect prompt injection because the skill ingests and processes untrusted data from external sources.
  • Ingestion points: external.csv, external.jsonl, emails.txt are processed from the local filesystem.
  • Boundary markers: No explicit delimiters or instructions are used to separate user data from command context within the agent's reasoning.
  • Capability inventory: The skill utilizes hubspot objects upsert, hubspot objects search, and hubspot objects update which have write access to CRM data.
  • Sanitization: The skill employs jq to reshape and validate data before passing it to CLI tools, providing a layer of structural validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 01:14 PM