catalog-items
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional and provides reference documentation for ServiceNow Service Catalog components. The code examples use standard ServiceNow APIs (GlideRecord, GlideAjax, g_form) and do not contain any hardcoded credentials or suspicious command executions.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a data ingestion surface through tools that query ServiceNow tables. While this presents a theoretical surface for indirect injection if data inside the ServiceNow instance is attacker-controlled, there is no evidence of exploitation logic.
- Ingestion points: Data retrieved via `snow_query_table` and `snow_find_artifact`.
- Boundary markers: Not present in the current skill configuration.
- Capability inventory: Includes tools to create catalog items and variables (`snow_catalog_item_create`, `snow_catalog_variable_create`).
- Sanitization: Not explicitly defined in the tool metadata, relying on the agent's internal safety filters and ServiceNow's own platform security.
Audit Metadata