Security audit

Hubspot Implementation Plan

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only HubSpot planning skill, but users should review its optional skill-creation and contribution steps before allowing any repository or PR actions.

Safe to install as a planning aid, but treat its output as a roadmap. Before following any recommended HubSpot cleanup, verify the audit findings, export or back up affected data, and do not approve optional skill creation, git pushes, or pull requests unless you have reviewed the generated content and are comfortable publishing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The skill's stated purpose is to generate an implementation plan from an audit report, but this section expands into creating new skills, committing changes, pushing to a fork, and opening upstream pull requests. That introduces repository-modifying and external publication capabilities unrelated to the core task, increasing the chance of unauthorized code changes, data exfiltration through commits/PRs, or social-engineered supply-chain actions.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Forking repositories, creating branches, pushing commits, and opening upstream PRs are powerful capabilities that are not justified for an audit-plan generator. In this context, these instructions are especially dangerous because the skill processes audit-derived content and then proposes publishing newly generated artifacts, which could leak sensitive operational details, enable unreviewed code submission, or abuse the user's authenticated git/GitHub context.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.