sales-execution
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses the
hubspotCLI and standard shell utilities (jq,date,paste) to create, search, and associate CRM objects. These operations are restricted to the HubSpot ecosystem and align with the vendor's provided functionality. - [DATA_EXFILTRATION]: No evidence of data exfiltration. The skill facilitates the flow of data within the HubSpot CRM environment using the vendor's official CLI tool.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from the CRM.
- Ingestion points: Reads deal data from
hubspot objects search --type dealsinSKILL.md. - Boundary markers: Absent; the agent is expected to process the raw output of CLI commands.
- Capability inventory: Includes
hubspot objects createandhubspot associations createfor modifying CRM state. - Sanitization: Uses
jqfor structured JSON manipulation, which reduces the risk of malformed data causing unintended command execution. - [SAFE]: The use of temporary files in
/tmp/for bulk operations is a standard practice and does not involve sensitive file paths or persistent storage mechanisms.
Audit Metadata