flow-designer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes the
snow_execute_script_with_outputtool, which allows the agent to execute server-side JavaScript on a ServiceNow instance to perform automation tasks. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) because it ingests and processes data from external sources like ServiceNow records and API responses.
- Ingestion points: Data enters the agent context through the
snow_query_tabletool and responses from external REST API integrations. - Boundary markers: The skill documentation does not define specific delimiters to separate untrusted external data from system instructions.
- Capability inventory: The skill is equipped with powerful tools for querying data and executing arbitrary scripts (
snow_execute_script_with_output). - Sanitization: There is no evidence of sanitization or filtering of external data before it is interpolated into agent logic or outputs.
Audit Metadata