n8n-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly retrieves authentication credentials (
N8N_API_KEY) and the target host (N8N_HOST) from environment variables. The documentation uses benign placeholders like 'your-api-key', and no real secrets are hardcoded. - [DATA_INJECTION] (LOW): The skill provides a functional surface for indirect prompt injection by accepting raw workflow definitions for deployment.
- Ingestion points: The
workflowdictionary argument in thedeploy_n8n_workflowfunction withinSKILL.md. - Boundary markers: Absent. The skill assumes the agent provides a valid workflow structure without internal delimiters or safety instructions.
- Capability inventory: Authenticated HTTP POST and PATCH requests to a remote N8N instance, which can execute complex logic.
- Sanitization: The skill does not sanitize or validate the internal nodes of the N8N workflow (e.g., checking for malicious JavaScript in 'Code' nodes). This is a known risk for automation tools but is considered a low-severity surface for this use case.
Audit Metadata