SNOW-26.1: Skill Namespace Shadowing
๐ด High ยท ServiceNow Supply Chain
Detects duplicate tool/skill labels across scoped applications that can confuse the AI agent's tool selection. Attackers can publish malicious skills with names mimicking legitimate ones to hijack agent tool routing.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | SNOW-26.1 |
| Severity | High |
| Category | ServiceNow Supply Chain |
| Platforms | servicenow |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to SNOW-26.1.