virtual-agent
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security vulnerabilities or malicious patterns were identified. The skill is purely informational and provides standard templates for ServiceNow development by a verified author.
- [PROMPT_INJECTION]: The documentation identifies functional surfaces where Virtual Agents ingest user input (e.g., user_question and user_email). While these are standard integration points for the platform, they represent the inherent attack surface for indirect prompt injection. . Ingestion points: user-input variables referenced in script block examples in SKILL.md. . Boundary markers: none present in the documentation snippets. . Capability inventory: tools include snow_query_table and snow_va_topic_create for ServiceNow interaction. . Sanitization: example templates follow standard GlideRecord API usage but do not include explicit input validation.
Audit Metadata