quote-to-cash
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
hubspotCLI tool for CRM operations. This is the intended purpose of the skill and follows standard development practices for managing HubSpot objects (products, quotes, invoices, etc.) via their official tooling. Use of standard utilities likejqanddatefor data processing is also present and benign. - [DATA_EXFILTRATION]: No exfiltration patterns were detected. All network operations are directed to HubSpot's official API via the CLI, or involve local file processing (
/tmp/lineitems.jsonl). - [CREDENTIALS_UNSAFE]: The skill correctly advises users to manage their access tokens via environment variables (
export HUBSPOT_ACCESS_TOKEN=<token>) rather than hardcoding them, which is a security best practice for secret management.
Audit Metadata