sla-management
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the tool snow_execute_script_with_output, which allows for the execution of arbitrary JavaScript code within the ServiceNow instance. This is a functional requirement for ServiceNow development tasks.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves data from ServiceNow tables and offers a script execution environment.
  - Ingestion points: Data is ingested from the task_sla and contract_sla tables via snow_query_table or snow_find_artifact.
  - Boundary markers: There are no explicit markers or instructions to isolate retrieved data from command logic or script generation.
  - Capability inventory: The skill provides tools to execute scripts (snow_execute_script_with_output), create definitions (snow_sla_definition_create), and query data (snow_query_table, snow_find_artifact).
  - Sanitization: No data sanitization or escaping mechanisms are explicitly defined in the provided snippets for data returned from the ServiceNow environment.
Audit Metadata