atf-testing
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of server-side scripts through the ServiceNow Automated Test Framework (ATF). These scripts are used for setting up test data, performing custom validations, and cleaning up records. This execution is confined to the ServiceNow Glide environment and is a core intended feature of the skill.
- [PROMPT_INJECTION]: An indirect prompt injection attack surface exists where the skill processes external data.
- Ingestion points: Test metadata (name, description) and step inputs (field values) provided by users enter the system via tools like
snow_atf_test_createandsnow_atf_test_step. - Boundary markers: The documentation does not currently illustrate the use of data delimiters or safety instructions to separate untrusted data from test logic.
- Capability inventory: The skill utilizes
snow_atf_test_runandsnow_query_table, which interact with ServiceNow instances based on test definitions. - Sanitization: No specific sanitization or validation logic is presented in the example scripts for handling data from external sources.
Audit Metadata