The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's documentation and installation script promote the use of curl -fsSL https://raw.githubusercontent.com/aatrey882/servicenow-agent-skills/main/install.sh | sh. This pattern is a significant security risk as it executes unverified remote code directly in the user's shell environment.
[EXTERNAL_DOWNLOADS]: The install.sh script clones the author's entire repository from GitHub using git clone --depth 1. While this is the intended mechanism for deployment, fetching code from personal, non-verified accounts for immediate execution poses a supply-chain risk.
[COMMAND_EXECUTION]: The skill suite includes numerous shell and Python utility scripts (e.g., check-environment.sh, validate-script.sh, check-scope-prefix.py) used for system validation. These scripts execute a variety of commands, including python3 -c for JSON processing and now-sdk CLI calls, creating a broad surface for command execution.
[PROMPT_INJECTION]: The skill contains surface area for indirect prompt injection because it is designed to ingest and analyze user-provided ServiceNow metadata and scripts.
Ingestion points: Processes workspace files such as .now.ts metadata, JavaScript Script Includes, and project configuration files.
Boundary markers: There are no explicit delimiters or instructions to the agent to disregard potentially malicious commands embedded in the code it is reviewing.
Capability inventory: The skill possesses the ability to write to the file system, execute shell commands, and perform network operations via the installation logic.
Sanitization: While utility scripts like validate-script.sh perform basic pattern matching with grep, there is no robust sanitization or sandboxing for the inputs being processed.

servicenow-agent-skills