n8n-mcp-tools-expert
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Prompt Injection (HIGH): The skill documentation creates an Indirect Prompt Injection surface where untrusted data from the n8n API can influence agent actions. * Ingestion points: The skill retrieves external data through 'n8n_get_workflow', 'search_nodes', and 'list_nodes' (SEARCH_GUIDE.md, WORKFLOW_GUIDE.md). * Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded instructions when processing retrieved workflow JSON. * Capability inventory: The agent has high-privilege capabilities including 'n8n_create_workflow' and 'n8n_update_partial_workflow' which can modify the execution logic on an external n8n server (WORKFLOW_GUIDE.md). * Sanitization: No security-focused sanitization is documented; 'Auto-Sanitization' is limited to structural metadata correction for n8n nodes (VALIDATION_GUIDE.md).
- Credential Awareness (INFO): The documentation identifies the necessity of 'N8N_API_KEY' for operation but does not expose any hardcoded secrets (WORKFLOW_GUIDE.md).
Recommendations
- AI detected serious security threats
Audit Metadata