sn-scripting
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes and validates untrusted ServiceNow scripts. Ingestion points: The agent is instructed to read and review script files from the workspace in SKILL.md. Boundary markers: There are no delimiters or ignore instructions provided to prevent the agent from being influenced by comments or code within the analyzed scripts. Capability inventory: The skill uses a shell script (scripts/validate-script.sh) for validation and performs code reviews/modifications. Sanitization: No logic exists to sanitize or escape instructions that might be embedded in the scripts being processed.
- [COMMAND_EXECUTION]: The validation script scripts/validate-script.sh contains a minor implementation flaw in its output generation. Evidence: The script constructs a JSON response by interpolating the $FILE variable into a template string without escaping. If a file path contains characters like double quotes, it will result in malformed JSON. While this doesn't grant direct shell access, it could lead to logical errors or misinterpretation of validation results by the agent.
Audit Metadata