sales-reporting
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by HubSpot and uses its own official CLI tools to interact with CRM data. Its behavior is entirely consistent with its stated purpose of sales reporting.
- [COMMAND_EXECUTION]: The skill executes
hubspotCLI commands along with standard local utilities likejq,date, andcolumn. These are used for data retrieval and report formatting. - [DATA_EXFILTRATION]: Retrieves sensitive sales data (deal amounts, owner IDs) from the user's CRM. This data is processed locally and formatted for the user; no evidence of transmission to unauthorized external domains was found.
- [PROMPT_INJECTION]:
- Ingestion points: CRM data (deal names, owner names) retrieved via HubSpot CLI.
- Boundary markers: None implemented in the instruction set.
- Capability inventory: Subprocess execution of CLI tools and local file writing (
/tmp/owners.tsv). - Sanitization: Relies on
jqfor structured data parsing and formatting.
Audit Metadata