New Contact Hygiene Workflow

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed HubSpot workflow guide that can change CRM contact fields, so it should be reviewed carefully but does not show hidden or malicious behavior.

Install or use this only if you want ongoing HubSpot automation for new contacts. Before enabling it, test with sample contacts, confirm the trigger and copy actions, decide whether company and industry should overwrite existing values, and supervise any optional browser-extension-driven setup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The workflow explicitly copies company name and industry from the associated company onto the contact, but the instructions do not consistently require guards that prevent overwriting pre-existing contact values. In a CRM automation context, this can silently replace user-entered or integration-sourced data, causing data integrity issues, reporting errors, and unintended downstream automation behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal