script-include-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference and toolset for ServiceNow developers. It contains no malicious code, obfuscation, or unauthorized network operations. The tools provided (e.g., snow_create_script_include, snow_execute_script_with_output) are consistent with the skill's stated purpose of facilitating ServiceNow script management.
- [INDIRECT_PROMPT_INJECTION]: The skill provides patterns for handling client-side data via GlideAjax (e.g.,
this.getParameter('sysparm_keyword')). While this establishes a data ingestion surface from potentially untrusted sources, it is a standard ServiceNow development pattern. The provided examples show basic sanitization (likeparseInt), and the tool capabilities are restricted to the ServiceNow development environment.
Audit Metadata