n8n-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions are focused on schema-compliant JSON generation for n8n. No override markers, jailbreak attempts, or system prompt extraction patterns were detected.
- [Data Exposure & Exfiltration] (SAFE): Although the documentation references n8n nodes capable of data access (e.g., `$env`, SQL nodes, SSH), the skill does not contain hardcoded credentials or commands that exfiltrate data from the host environment. Credentials in templates are represented by placeholders.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote scripts or external packages are downloaded. The validation script (`validate-workflow.py`) is bundled with the skill and uses Python standard libraries.
- [Indirect Prompt Injection] (LOW): The skill provides a surface for indirect prompt injection.
  - Ingestion points: User requirements provided via prompts are used to populate node parameters in the generated JSON.
  - Boundary markers: No explicit boundary markers or 'ignore instructions' warnings are provided for the generated JSON values.
  - Capability inventory: The agent is instructed to run a local validation script (`validate-workflow.py`) using `uv run` (SKILL.md).
  - Sanitization: The validation script performs structural and schema checks but does not sanitize the logical content (e.g., JavaScript in 'Code' nodes) for malicious instructions.
Audit Metadata