nathan-standards

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE] (SAFE): The documentation lists required environment variables such as 'JIRA_API_TOKEN' and 'N8N_API_KEY', but no hardcoded credentials, tokens, or private keys are present.
  • [COMMAND_EXECUTION] (SAFE): The skill references standard development commands (uv, ruff, pytest) for maintenance and testing, with no evidence of malicious command injection.
  • [DYNAMIC_EXECUTION] (LOW): File 'references/n8n-workflow-patterns.md' contains a 'Code Node Pattern' providing a template for JavaScript execution. While this is a standard n8n feature, it represents a pattern for dynamic code generation from templates.
  • [DATA_EXFILTRATION] (SAFE): The skill promotes a secure architecture using shared secret headers ('X-N8N-SECRET') for webhook calls and utilizes safe YAML loading practices via 'yaml.safe_load()'.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes an automation surface that ingests untrusted data via webhooks from Jira. Evidence includes: 1. Ingestion point: Webhook node path in 'references/n8n-workflow-patterns.md'; 2. Boundary markers: Mandatory 'Validate Secret' node; 3. Capability inventory: Jira API interaction and JS code nodes; 4. Sanitization: JQL escaping is documented, but raw webhook body access is used in Jira nodes.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:10 PM