script-execution
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate templates for ServiceNow administration with integrated safety controls such as dry-run flags, execution limits (setLimit), and transaction rollback patterns.\n- [SAFE]: All external URLs point to official ServiceNow documentation and developer resources.\n- [PROMPT_INJECTION]: The skill demonstrates patterns for reading data from ServiceNow tables (e.g., incident descriptions, user preferences) and processing it via the agent. This presents an indirect prompt injection surface where instructions hidden in database fields could influence the agent's behavior when reviewing log outputs or query results.\n
- Ingestion points: Data is ingested from the incident, sys_user_preference, and sys_properties tables via the SN-Query-Table and SN-Execute-Background-Script tools.\n
- Boundary markers: The templates do not utilize delimiters or explicit instructions to treat the retrieved data as untrusted content.\n
- Capability inventory: The agent has high-privilege capabilities including the ability to execute arbitrary server-side JavaScript and create or delete records.\n
- Sanitization: The provided patterns perform standard serialization (JSON.stringify) but do not implement content-based sanitization for potential embedded instructions.
Audit Metadata