knowledge-management
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill references 'snow_execute_script_with_output', a tool providing server-side JavaScript execution on ServiceNow instances. This capability is documented for implementing article automation and workflow logic within the development environment.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface where external data (e.g., article content, search queries, user feedback) is processed and interpolated into ServiceNow records. • Ingestion points: Data enters the system via parameters in 'createFromTemplate' (data object), 'recordFeedback' (comments), and 'search' (query). • Boundary markers: The provided script templates do not implement specific delimiters or 'ignore' instructions to isolate untrusted content from the execution logic. • Capability inventory: The environment permits database write operations (insert/update) and script execution. • Sanitization: The 'search' tool includes a basic HTML-stripping mechanism for snippets, though other ingestion points lack formal escaping.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata