code-review
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface detected where the skill ingests untrusted script content and possesses write capabilities. * Ingestion points: Script content is retrieved from ServiceNow tables using SN-Query-Table and SN-Get-Record tools in multiple steps and examples. * Boundary markers: No delimiters or instructions to ignore commands within the analyzed scripts are present. * Capability inventory: The skill uses the SN-Update-Record tool and curl -X PATCH commands to modify records in the target instance. * Sanitization: No sanitization of the retrieved script content is performed before processing.
- [COMMAND_EXECUTION]: The skill utilizes the Bash native tool and curl utility to execute network operations against ServiceNow REST APIs using environment variables.
- [DATA_EXFILTRATION]: Technical script data including business rules and script includes are retrieved from the ServiceNow instance and processed within the agent context.
Audit Metadata