catalog-item-generation

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-provided natural language descriptions to generate record configurations and script logic, creating an indirect prompt injection surface.
      * Ingestion point: User-provided natural language descriptions.
      * Boundary markers: Absent from the processing logic.
      * Capability inventory: Employs SN-Create-Record, SN-Update-Record, and SN-Execute-Background-Script.
      * Sanitization: No explicit validation or escaping of input content before interpolation is described.
  • [COMMAND_EXECUTION]: Utilizes the SN-Execute-Background-Script tool to perform dynamic code execution within the ServiceNow environment.
      * Execution method: Server-side JavaScript execution via ServiceNow's background script facility.
      * Dynamic patterns: Assembles executable script strings by interpolating variable data extracted from user descriptions into predefined code templates.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 04:36 PM