SNOW-5.1: Flow Action Without Input Validation
๐ด High ยท ServiceNow Flow Security
Detects Flow Designer actions (sys_hub_action) and subflows linked to AI agents that lack input validation or execute in system context. When an AI agent invokes a flow action, the parameters are formatted as strings for LLM processing, enabling variable injection if inputs are not validated.
Detailsโ
| Field | Value |
|---|---|
| Rule ID | SNOW-5.1 |
| Severity | High |
| Category | ServiceNow Flow Security |
| Platforms | servicenow |
Remediationโ
Refer to the SquireX documentation for
remediation guidance specific to SNOW-5.1.