oauth-automation
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Solution 2 describes a mechanism to programmatically update n8n workflows by fetching the workflow JSON, performing a regex replacement on JavaScript code strings to inject a new access token, and then PATCHing the workflow back to the server. This constitutes dynamic code modification and deployment.
- [COMMAND_EXECUTION]: The skill uses the Node.js https module to perform management operations against the local n8n API, specifically targeting the /api/v1/workflows/ endpoint to retrieve and modify workflow configurations based on external data.
- [DATA_EXFILTRATION]: The skill logic is designed to retrieve, store, and transmit high-value secrets, including OAuth Client IDs, Client Secrets, and Refresh Tokens. It facilitates the movement of these credentials across network boundaries to Google's OAuth endpoints.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection where an access token retrieved from a network endpoint is directly interpolated into a string that is subsequently saved and executed as JavaScript code. The absence of boundary markers or sanitization steps means that if the token data were maliciously crafted, it could alter the logic of the target workflow.