scheduled-jobs
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
SN-Execute-Background-Scripttool and createssysauto_scriptrecords, which allow for server-side JavaScript execution within the ServiceNow environment. This is a standard administrative capability required for the skill's documented purpose. - [EXTERNAL_DOWNLOADS]: The skill includes code templates that reference external endpoints such as
api.example.comfor demonstration purposes. These are clearly marked as placeholders for integration tasks. - [DATA_EXFILTRATION]: Templates demonstrate sending emails to internal addresses (e.g.,
it-security@company.com) to report on system status or user audits. This represents standard organizational reporting patterns within the ServiceNow platform. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect injection surface as it processes data from ServiceNow tables (like
syslogorsys_user) using tools likeSN-Query-Table. - Ingestion points: Data enters the context via
SN-Query-Tableresults from various system tables. - Boundary markers: None present in the provided script templates.
- Capability inventory: The agent can perform record creation, updates, and background script execution using the provided MCP tools.
- Sanitization: No explicit sanitization or filtering of external content is shown in the templates before processing.
Audit Metadata