Native HubSpot

The skill bundle is benign. It provides a direct interface to the HubSpot CRM API, as clearly stated in `SKILL.md` and `README.md`. The `scripts/hubspot_query.py` script uses standard Python libraries (`urllib.request`, `json`, `os`) to interact solely with `https://api.hubapi.com`, authenticating via the `HUBSPOT_TOKEN` environment variable. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution (e.g., `curl|bash`, `eval`), persistence mechanisms, or prompt injection attempts against the AI agent. The broad read/write permissions requested are necessary for the skill's stated purpose of managing CRM data.