Skills
skills/walletconnect/skills/hubspot-security-queue/Gen Agent Trust Hub

hubspot-security-queue

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the Slack summary generation phase.
  • Ingestion points: The Python script scripts/security_queue_report.py retrieves ticket subjects and AI assessment notes from the HubSpot API, which are then processed by the scripts/run-report.mjs script.
  • Boundary markers: The report content is delimited using three dashes (---) within the prompt sent to the LLM in scripts/run-report.mjs.
  • Capability inventory: The skill possesses the ability to generate summaries using the Anthropic API and post the results to a Slack webhook.
  • Sanitization: There is no evidence of sanitization or filtering of the ticket data before it is interpolated into the prompt for the language model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 08:26 AM
Security Audit — agent-trust-hub — hubspot-security-queue