mobile-development
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses user geographic coordinates (latitude, longitude, and accuracy) using the
sn_mobile.getLocation()API within the Location-Based Action section. While sensitive, this access is consistent with the stated purpose of creating native mobile experiences. - [COMMAND_EXECUTION]: Employs the
snow_execute_script_with_outputtool to run and test JavaScript code (ES5) within the ServiceNow environment. This is a standard capability for developers on this platform. - [SAFE]: The skill processes external data from ServiceNow tables, such as
sys_sg_offline_queueandincident. This constitutes an ingestion surface for indirect content, but the boilerplate code follows standard platform patterns for data synchronization without malicious intent. - Ingestion points: Data is ingested via the
snow_query_tabletool and by querying thesys_sg_offline_queuetable (SKILL.md). - Boundary markers: None present in the instructions or code examples.
- Capability inventory: The skill uses
snow_execute_script_with_outputandGlideRecordoperations (insert/update) to modify data based on inputs. - Sanitization: No explicit sanitization or input validation is present in the provided boilerplate scripts.
Audit Metadata