hubspot
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external data. Ingestion points: The skill reads content from CRM object properties (e.g., notes, descriptions), marketing email bodies, and conversation messages via the HubSpot API as outlined in SKILL.md. Boundary markers: No specific delimiters or instructional barriers are established to help the agent distinguish its core instructions from the content of the retrieved data. Capability inventory: The agent is empowered with full CRUD (Create, Read, Update, Delete) access to CRM objects, the ability to send transactional emails, and file management functions via curl. Sanitization: The instructions do not specify any validation or sanitization protocols for content retrieved from the external API before it is processed by the agent.
Audit Metadata