sales-execution

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: Uses the hubspot CLI and standard shell utilities (jq, date, paste) to create, search, and associate CRM objects. These operations are restricted to the HubSpot ecosystem and align with the vendor's provided functionality.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration. The skill facilitates the flow of data within the HubSpot CRM environment using the vendor's official CLI tool.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from the CRM.
  • Ingestion points: Reads deal data from hubspot objects search --type deals in SKILL.md.
  • Boundary markers: Absent; the agent is expected to process the raw output of CLI commands.
  • Capability inventory: Includes hubspot objects create and hubspot associations create for modifying CRM state.
  • Sanitization: Uses jq for structured JSON manipulation, which reduces the risk of malformed data causing unintended command execution.
  • [SAFE]: The use of temporary files in /tmp/ for bulk operations is a standard practice and does not involve sensitive file paths or persistent storage mechanisms.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 01:14 PM