asset-management
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of legitimate ServiceNow ES5 JavaScript snippets and tool configurations for managing hardware and software assets. No malicious code, obfuscation, or data exfiltration attempts were detected.
- [COMMAND_EXECUTION]: The skill utilizes the
snow_execute_script_with_outputtool. While this allows for arbitrary server-side JavaScript execution on a ServiceNow instance, it is a standard and necessary capability for the skill's primary purpose of ServiceNow development and automation. - [DATA_EXFILTRATION]: Tools like
snow_query_tableandsnow_cmdb_searchare included to read organizational asset and configuration data. This access is consistent with the skill's intended use case for inventory and license management within the ServiceNow ecosystem. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it processes data from external ServiceNow tables (Asset and CI records) and possesses capabilities to execute scripts and modify records. However, this is a common characteristic of integration skills and no active injection attempts were found.
- Ingestion points: Data enters the context via queries to
alm_hardware,alm_license, andcmdb_ci_computertables inSKILL.md. - Boundary markers: Not present in the provided templates.
- Capability inventory: Includes
snow_execute_script_with_output(script execution) and table modification methods (insert,update). - Sanitization: Not explicitly implemented in the provided logic snippets.
Audit Metadata