n8n-api
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation includes numerous shell command snippets using `curl` and `jq` to interact with n8n API endpoints, including loops for bulk operations (found in `SKILL.md`).
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to an external n8n instance defined by the user in the `N8N_HOST` environment variable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external n8n API responses (such as workflow definitions, execution logs, and metadata) which are then processed by the agent.
  - Ingestion points: Data retrieved from n8n API endpoints like `/api/v1/workflows` and `/api/v1/executions` as described in `SKILL.md`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the provided interaction patterns.
  - Capability inventory: The skill has the capability to perform network operations, write local files (e.g., `workflow-backup.json`), and modify remote workflow configurations.
  - Sanitization: There is no evidence of data validation or sanitization for the content returned from the external API before it is utilized in the agent's context.
Audit Metadata