n8n
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Automated security scans identified several blacklisted URLs associated with the onesimpleapi.com domain (including registration and documentation pages) referenced in the skill assets.
- [COMMAND_EXECUTION]: The skill provides comprehensive examples and instructions for executing high-risk system commands, including docker run, docker compose, git clone, and system-level package installations. While relevant to n8n deployment, these actions grant extensive control over the host system.
- [PROMPT_INJECTION]: The documentation identifies surfaces for indirect prompt injection by describing how untrusted data from webhooks and chat triggers is passed to AI agents. Mandatory Evidence Chain: 1. Ingestion points: Chat Trigger and Webhook nodes (references/workflows.md). 2. Boundary markers: No guidance provided on using delimiters to separate instructions from data. 3. Capability inventory: AI agents are granted capabilities to execute code and perform network operations (references/advanced.md). 4. Sanitization: No instructions for sanitizing user inputs before interpolation into prompts.
Recommendations
- AI detected serious security threats
- Contains 6 malicious URL(s) - DO NOT USE
Audit Metadata