n8n-workflow-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents patterns for ingesting data from untrusted external sources (webhooks, HTTP APIs, and databases) and using that data to drive workflow logic and AI agent tool calls. This architecture creates an indirect prompt injection surface where malicious inputs could influence downstream actions.
- Ingestion points: Webhooks and API responses are identified as primary data entry points across the documentation (e.g., in
webhook_processing.mdandhttp_api_integration.md). - Boundary markers: While the skill provides high-level guidelines for AI agent behavior, it does not detail the implementation of strict data delimiters or isolation techniques for all data interpolation scenarios.
- Capability inventory: The documentation covers capabilities such as database write operations (
database_operations.md), network requests (http_api_integration.md), and system command execution (scheduled_tasks.md). - Sanitization: The skill mitigates risks by proactively teaching input validation, sanitization, and the use of least-privilege database accounts for AI agents (
ai_agent_workflow.md). - [COMMAND_EXECUTION]: The skill includes examples of using the Node.js
child_processmodule within n8n Code nodes to execute shell commands for maintenance tasks, such as database backups (scheduled_tasks.md). While these are provided as static educational examples, they demonstrate a high-privilege capability that could be misused if workflows are not properly secured.
Audit Metadata