SNOW-14.1: Virtual Agent Topic Without Input Sanitization
๐ด High ยท ServiceNow Virtual Agent
Detects Virtual Agent topics (sys_cs_topic), utterances, and topic-block scripts that process user input without sanitization. Topic-block scripts are a major prompt injection vector in conversational AI deployments.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | SNOW-14.1 |
| Severity | High |
| Category | ServiceNow Virtual Agent |
| Platforms | servicenow |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to SNOW-14.1.