n8n-workflow-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The ai_agent_workflow.md explicitly instructs that "ANY node can be an AI tool" and gives examples (HTTP Request, Serper/Google search, Wikipedia, document loaders, etc.) where the AI agent calls public web/search/document sources and then reads/uses those results to decide tool calls and actions, so the skill clearly ingests untrusted third‑party content that can influence agent behavior.