Skills
skills/happy-technologies-llc/happy-platform-skills/multi-turn-ordering/Gen Agent Trust Hub

multi-turn-ordering

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes high-privilege administrative tools including SN-Execute-Background-Script, SN-Create-Record, and SN-Update-Record to programmatically configure ServiceNow Virtual Agent topics and script nodes. These operations are performed within the target ServiceNow instance to automate multi-turn ordering flows.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by processing untrusted user input within Virtual Agent script nodes.
  • Ingestion points: User-provided chat messages enter the system via vaSystem.getLastUserMessage() in Step 4.
  • Boundary markers: The implementation lacks explicit boundary markers or delimiters to isolate user input from the surrounding script logic.
  • Capability inventory: The skill uses high-privilege tools (SN-Execute-Background-Script, SN-Create-Record) across multiple setup steps.
  • Sanitization: User input is concatenated into database queries ('nameLIKE' + keyword) without sanitization, posing a risk of query manipulation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 04:35 PM