approval-workflows
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements the snow_execute_script_with_output tool, which allows the agent to run arbitrary JavaScript code within a target ServiceNow environment.
- [COMMAND_EXECUTION]: The skill provides templates for creating sysapproval_rule records that contain embedded server-side scripts, which are executed dynamically by the ServiceNow platform.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its data processing workflow.
  - Ingestion points: Data is ingested from ServiceNow tables using snow_query_table.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the logic processing external data.
  - Capability inventory: The skill possesses powerful capabilities including script execution and record creation.
  - Sanitization: The provided code snippets do not demonstrate validation or sanitization of data retrieved from the platform before it is used in logic or scripts.
Audit Metadata