Fix Lifecycle Stages

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it can bulk-change HubSpot contact and company lifecycle data and recommends ongoing workflows without strong rollback or approval safeguards.

Install only if you are comfortable giving the skill operator HubSpot permissions to bulk edit contacts, companies, and workflows. Before running execute.py or activating workflows, export affected records, review the disallowed-stage mapping for your tenant, test on a small sample, and keep a rollback plan for restoring lifecycle stages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill recommends bulk updates to contact and company lifecycle stages and activation of workflows that will continuously modify future records, but it does not provide a prominent warning, dry-run mode, rollback plan, or approval checkpoint. In a CRM context, incorrect lifecycle reassignment can corrupt reporting, segmentation, automations, and sales processes at scale, making the data integrity impact significant.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal