domain-separation

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides functionality to query sensitive system tables including sys_user, domain, sys_user_has_domain, and sys_db_object using the snow_query_table tool. It includes templates for bypassing domain separation boundaries using the queryNoDomain() and setQueryReferences(false) methods, which can lead to unauthorized data exposure across partitions.
  • [COMMAND_EXECUTION]: The skill utilizes the snow_execute_script_with_output tool to execute arbitrary ES5 JavaScript on the target ServiceNow platform. It also provides logic to programmatically assign administrative roles via the sys_user_has_role table and create new user accounts in the sys_user table.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection where malicious instructions could be embedded in the ServiceNow record data being queried.
    • Ingestion points: Untrusted data enters the agent context via snow_query_table results from various ServiceNow tables (SKILL.md).
    • Boundary markers: The skill does not implement any delimiters or explicit instructions to the agent to ignore instructions contained within the queried data fields.
    • Capability inventory: The skill possesses high-impact capabilities including arbitrary script execution (snow_execute_script_with_output) and database read/write operations (snow_query_table).
    • Sanitization: No evidence of sanitization, escaping, or schema validation of external content is present before the data is interpolated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:32 PM