security-operations
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The file contains a reference to 'malicious-domain.com' within a threat indicator code example. While flagged as malicious by automated scanners, its use here is consistent with the skill's purpose of managing security indicators and serves as a placeholder for an Indicator of Compromise (IOC).
- [COMMAND_EXECUTION]: The skill utilizes the 'snow_execute_script_with_output' tool, which enables the execution of server-side JavaScript on a ServiceNow instance. This is a powerful capability intended for SecOps automation but represents a high-privilege surface.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data processed from ServiceNow.
- Ingestion points: Data is ingested from the 'sn_si_incident' and 'sn_vul_vulnerable_item' tables using 'snow_query_table'.
- Boundary markers: There are no boundary delimiters or instructions to ignore embedded commands when processing record fields like short descriptions or notes.
- Capability inventory: The skill allows for script execution, event creation, and database queries, which could be exploited if malicious instructions are present in retrieved record data.
- Sanitization: No input validation or sanitization logic is shown in the examples for data retrieved from the database before it is used in subsequent operations.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata