csm-sidebar-summarization
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from ServiceNow case records that are subsequently summarized for the agent context.
  - Ingestion points: Untrusted data enters the agent context via the 'description' field of the 'sn_customerservice_case' table and the 'value' field of the 'sys_journal_field' table (work notes).
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands used when assembling the summary in Step 8.
  - Capability inventory: The agent environment includes access to 'Bash', 'SN-NL-Search', 'SN-Query-Table', and 'SN-Read-Record'.
  - Sanitization: No explicit sanitization, filtering, or validation is performed on the data retrieved from the records.
- [DATA_EXFILTRATION]: The skill performs network requests to ServiceNow API endpoints to fetch sensitive PII, including customer names, email addresses, phone numbers, and physical addresses from the 'csm_consumer' and 'customer_account' tables. While these operations are consistent with the skill's purpose as a CSM tool, they involve accessing and aggregating high-sensitivity data.
Audit Metadata