business-rule-patterns

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection where malicious instructions could be embedded in user-provided requirements.
      • Ingestion points: User requests for creating or modifying Business Rules are processed using patterns from SKILL.md.
      • Boundary markers: There are no explicit delimiters to separate trusted template content from untrusted user instructions.
      • Capability inventory: The skill uses powerful tools like snow_execute_script_with_output and snow_create_business_rule to interact with the ServiceNow environment.
      • Sanitization: No logic validation or escaping of generated script content is identified before execution.
  • [COMMAND_EXECUTION]: The skill incorporates the snow_execute_script_with_output tool, which enables the execution of server-side JavaScript on a ServiceNow instance. This is a high-impact capability required for the skill's primary function but should be monitored for misuse.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:25 PM