reporting-dashboards
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides legitimate instructions and code snippets for ServiceNow development. It uses standard server-side APIs (GlideRecord, GlideAggregate) to manage reports, dashboards, and scheduled jobs within the ServiceNow platform. No suspicious external network activity, obfuscation, or sensitive data exposure was found.- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it processes user-defined inputs for report configurations.
- Ingestion points: User requests for creating reports, dashboards, and filters (SKILL.md).
- Boundary markers: None present to delimit user-supplied parameters from tool logic.
- Capability inventory: Tools for creating reports (
snow_create_report), dashboards (snow_create_dashboard), and scheduling delivery (snow_schedule_report) (SKILL.md). - Sanitization: No explicit validation or escaping of user-provided filters or titles is demonstrated in the examples.
Audit Metadata