discovery-patterns
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes the tool
snow_execute_script_with_output, which allows for the execution of arbitrary server-side JavaScript on the connected ServiceNow instance. - Evidence: The "Example Workflow" section demonstrates using this tool to execute complex logic, such as
var status = getDiscoveryStatus('schedule_sys_id');. - [COMMAND_EXECUTION]: The skill provides patterns for creating "Custom Probes" that execute shell commands on remote MID Servers.
- Evidence: The probe script example uses
Packages.com.service_now.mid.probe.tpcon.OperatingSystemCommand.execute(cmd)wherecmdis defined as"cat /opt/myapp/version.txt". This capability allows the agent to run OS-level commands on infrastructure connected to the ServiceNow instance. - [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection where untrusted data could be interpolated into executable scripts.
- Ingestion points: The
snow_execute_script_with_outputtool accepts a stringscriptwhich may be constructed using data retrieved from table queries or user input. - Boundary markers: No explicit boundary markers or sanitization logic are demonstrated in the provided script construction examples.
- Capability inventory: Access to
GlideRecord, server-side script execution, and remote command execution on MID Servers via probes. - Sanitization: The skill lacks examples of escaping or validating inputs before they are embedded into the
scriptparameter of tools.
Audit Metadata