cmdb-search-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the SN-Execute-Background-Script tool to perform multi-table queries and data aggregation. This allows for the execution of server-side JavaScript (GlideRecord API) within the ServiceNow environment to compile complex reports.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and processing untrusted data from external CMDB records.
      • Ingestion points: Data is retrieved from the ServiceNow CMDB via SN-Query-Table, SN-NL-Search, and various REST API endpoints as described in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters used to separate the external data from the agent's internal instructions.
      • Capability inventory: The skill has access to high-privilege capabilities including server-side script execution (SN-Execute-Background-Script) and local command execution (Bash).
      • Sanitization: The instructions do not specify any validation or sanitization routines for the data fetched from the CMDB before it is processed or presented.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 04:35 PM