n8n-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md workflows and integration list show it making HTTP requests to external APIs (e.g., the "Match to Unit Prices" node calling http://api.construction-prices.com/match and the "Fetch Weather Data" node calling https://api.openweathermap.org) and references using Google Sheets/Airtable/HTTP Request sources, which are untrusted third‑party content that the agent parses and uses to drive cost calculations and notifications.