n8n-code-python
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for processing data from external sources, which creates a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters via _input.all(), _input.first(), and _json["body"], as documented in DATA_ACCESS.md and SKILL.md.
  - Boundary markers: The provided code patterns do not include delimiters or specific instructions to isolate untrusted content from the rest of the prompt.
  - Capability inventory: The skill demonstrates data manipulation and analysis using the Python standard library (e.g., json, re, hashlib). It does not provide network or system-level execution capabilities.
  - Sanitization: While the skill emphasizes using .get() for dictionary safety to avoid KeyErrors, it does not provide guidance on sanitizing strings to prevent injection in downstream nodes.
- [EXTERNAL_DOWNLOADS]: The skill correctly mitigates risks associated with unverifiable dependencies by explicitly instructing the agent and user that external library imports (like requests or pandas) are unavailable in the n8n environment.
- [SAFE]: No hardcoded credentials, obfuscation, persistence mechanisms, or unauthorized execution patterns were found in any of the skill files.
Audit Metadata