import-export

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill integrates the snow_execute_script_with_output tool, enabling arbitrary server-side JavaScript execution in ServiceNow. This is a high-privilege function intended for development but requires strict input control.
  • [DATA_EXFILTRATION]: Functions like exportToCSV, exportToJSON, and exportToXML allow querying and extracting data from ServiceNow tables. This creates a risk of sensitive data exposure if table names or query parameters are controlled by untrusted sources.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8).
      • Ingestion points: Untrusted data enters via csvContent in the importCSVData function and encodedQuery parameters in various data retrieval functions.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent context to ignore embedded instructions within processed data.
      • Capability inventory: The skill possesses powerful write and execution capabilities, including snow_execute_script_with_output, bulkUpdate, and bulkDelete.
      • Sanitization: While CSV headers are normalized, there is no validation or escaping for row data values or query strings, permitting potential manipulation of system logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 23, 2026, 08:29 PM