chat-recommendation
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection (Category 8).
- Ingestion points: The skill ingests untrusted data from ServiceNow tables including interaction_entry (chat transcripts), sys_journal_field (journal comments), and kb_knowledge (knowledge articles).
- Boundary markers: There are no delimited structures or instructions provided to the agent to treat these external inputs as untrusted or to ignore embedded instructions.
- Capability inventory: The skill utilizes Bash (native) and multiple ServiceNow-specific MCP/REST tools for data retrieval and potentially broader system interaction.
- Sanitization: No logic is present to sanitize, validate, or filter the external content before it is interpolated into the generation prompt.
- [DATA_EXFILTRATION]: The skill accesses sensitive Customer Service Management (CSM) data, including personally identifiable information (PII) such as customer names, email addresses, phone numbers, and account tiers from the csm_consumer and customer_account tables. While this access is aligned with the skill's stated purpose of providing personalized agent assistance, it involves the handling of sensitive record types.
Audit Metadata