ui-actions-policies
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill provides legitimate templates for ServiceNow development, utilizing standard server-side (GlideRecord, gs) and client-side (g_form, g_user, GlideAjax) APIs.
- [COMMAND_EXECUTION]: While the skill interacts with a ServiceNow instance via tools like snow_create_ui_action, these are purpose-built for the stated objective of ServiceNow development and do not execute arbitrary commands on the local host system.
- [INDIRECT_PROMPT_INJECTION]: The skill generates code based on user requests, which is a common pattern for development assistants. While this represents a potential surface for prompt injection, it is the primary purpose of the skill and no specific vulnerabilities or bypass attempts were identified.
- Ingestion points: User input parameters for the snow_create_ui_action and snow_create_ui_policy tools.
- Boundary markers: Not explicitly defined in the templates, though ServiceNow's environment provides its own runtime isolation.
- Capability inventory: Ability to create and edit ServiceNow UI artifacts and execute JavaScript (ES5) within the ServiceNow platform context.
- Sanitization: Not present within the skill's markdown; reliance on the underlying ServiceNow platform and MCP tool implementation for input validation.
Audit Metadata