The Agent Skills Directory

[COMMAND_EXECUTION]: Documentation in SKILL.md provides examples of using n8n's 'Execute Command' node to run local Python scripts (e.g., python /scripts/extract_ifc.py). The use of interpolated variables like {{ $json.fileName }} without explicit sanitization represents a potential command injection surface if the input source is untrusted.
[EXTERNAL_DOWNLOADS]: The skill provides instructions for installing the n8n platform via official and well-known package registries, specifically Docker Hub (n8nio/n8n) and npm (n8n). These are standard installation methods for the tool described.
[DATA_EXFILTRATION]: Example workflows demonstrate the transmission of project data to various external service endpoints, including a specialized matching API (api.construction-prices.com), the OpenWeatherMap API, and communication tools like Slack and Microsoft Teams. These network operations are consistent with the skill's stated purpose of system integration.
[INDIRECT_PROMPT_INJECTION]: The skill facilitates the creation of workflows that ingest untrusted project files (Revit exports, IFC models) and possess high-privilege capabilities such as filesystem access and network requests.
Ingestion points: Files are monitored and read via localFileTrigger and readWriteFile nodes targeting directories such as /data/revit_exports and /models.
Boundary markers: The provided workflow templates do not include delimiters or specific instructions for the agent to ignore potentially malicious instructions embedded within the processed BIM or Excel data.
Capability inventory: The skill provides examples of filesystem access, network operations (httpRequest), database interaction (postgres), and shell command execution (executeCommand).
Sanitization: The provided Python and JavaScript snippets for data processing and command execution do not demonstrate explicit sanitization or validation of the input data before use in sensitive operations.

n8n-workflow-automation