n8n-mcp-tools-expert
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): Metadata Inconsistency (Category 7). The README.md claims the skill consists of 5 files and ~1,150 lines, which is inconsistent with the significantly smaller content provided. It also uses a 'Priority: HIGHEST' marker, which is a pattern commonly used to attempt to override standard agent instruction weighting.
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection Surface (Category 8). Evidence:
  1. Ingestion points: SEARCH_GUIDE.md (via search_nodes and get_node) and VALIDATION_GUIDE.md (via validate_workflow and n8n_validate_workflow) enable the agent to ingest external data such as node metadata and workflow JSON.
  2. Boundary markers: Absent. The skill contains no instructions for the agent to use delimiters or treat data returned from these tools as untrusted.
  3. Capability inventory: README.md and VALIDATION_GUIDE.md describe tools with high-privilege write capabilities, including n8n_create_workflow and n8n_autofix_workflow, which modify external systems.
  4. Sanitization: Absent. The 'Auto-Sanitization' system described in VALIDATION_GUIDE.md is focused on structural technical fixes and does not address the filtering of natural language prompt injection content.
Recommendations
- AI detected serious security threats