vendor-management
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior, obfuscation, or unauthorized data exfiltration patterns were detected. The skill provides boilerplate code for standard ServiceNow administrative tasks.
- [COMMAND_EXECUTION]: The skill utilizes the snow_execute_script_with_output tool to run ServiceNow Glide scripts, which is consistent with its stated purpose for platform development.
- [DATA_EXPOSURE]: The skill accesses business-related tables such as core_company and ast_contract, which is required for the vendor management functionality.
- [INDIRECT_PROMPT_INJECTION]: An assessment of the indirect prompt injection surface was conducted.
- Ingestion points: Data from ServiceNow tables (e.g., core_company, ast_contract) enters the agent context via snow_query_table.
- Boundary markers: No explicit delimiters are used in the script templates to separate data from instructions.
- Capability inventory: The skill possesses table query and script execution capabilities through provided tools.
- Sanitization: The skill relies on standard GlideRecord API methods for data handling.
Audit Metadata