n8n-expression-syntax

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill provides patterns for processing untrusted data from webhooks and APIs. While it correctly identifies delimiters, the provided examples for SQL integration and HTTP requests lack sanitization guidance, potentially leading to injection vulnerabilities if used as a template for workflow generation.
    • Ingestion points: Webhook data ($json.body) and API responses ($node.json) as shown in EXAMPLES.md.
    • Boundary markers: Documents n8n-standard {{ }} delimiters.
    • Capability inventory: Demonstrates SQL execution and HTTP network requests.
    • Sanitization: No sanitization or parameterization is demonstrated in the SQL INSERT examples, which use direct string interpolation.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 03:51 AM