servicenow
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the
@membranehq/clipackage from npm, which is the official tool provided by the vendor for interacting with their infrastructure. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform operations such as authentication, searching for ServiceNow connectors, and executing API actions. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from external ServiceNow records.
- Ingestion points: External data enters the agent context through actions that list or retrieve incidents, tasks, users, and knowledge base articles.
- Boundary markers: There are no explicit instructions or delimiters defined to isolate retrieved ServiceNow data from the agent's core instructions.
- Capability inventory: The skill includes write capabilities (create/update incidents) and the ability to make arbitrary requests to the ServiceNow API via the
membrane requestcommand. - Sanitization: The instructions do not specify any validation or sanitization procedures for data retrieved from the external service before it is presented to the model.
Audit Metadata