flow-generation
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for ServiceNow flow automation and uses legitimate platform tools and APIs.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes natural language descriptions and queries existing records from ServiceNow to generate logic.
  1. Ingestion points: Natural language input (Step 1) and existing flow records (Step 2).
  2. Boundary markers: No explicit delimiters or instructions for the agent to ignore embedded commands are present.
  3. Capability inventory: The skill has the ability to create and update records in sys_hub_flow and related tables, including support for scripted steps (sn_fd.run_script).
  4. Sanitization: The instructions do not specify input validation or sanitization procedures.
Audit Metadata