Engagement Suppression Workflow

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only HubSpot workflow guide whose business-impacting suppression behavior is disclosed and aligned with its stated purpose.

Before installing or using this skill, review the HubSpot filters carefully, preview the affected contacts, test on a small segment, and confirm rollback steps. Supervise any browser-extension automation and do not turn on the workflow until the AND/OR trigger logic is manually verified.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent/user to set contacts to "suppressed" and change `hs_marketable_status` to non-marketing directly in the main execution flow, which can materially alter marketing eligibility and campaign reach. Although the document discusses verification and rollback later, the irreversible-looking operational step appears before a prominent impact warning, increasing the risk of accidental bulk suppression or business disruption if followed without careful review.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal