n8n-node-expert

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's instructions and reference files are entirely dedicated to the legitimate purpose of assisting with n8n workflow development. All documented patterns and tool usages are consistent with standard automation practices.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) because it focuses on processing external data.
    • Ingestion points: Data is ingested via the $json, $node, and $input variables in SKILL.md and references/expressions-deep-dive.md.
    • Boundary markers: The skill includes no explicit instruction for the agent to use delimiters or 'ignore' prefixes when generating expressions for node configurations.
    • Capability inventory: The skill facilitates the configuration of nodes with significant capabilities, such as nodes-base.httpRequest (network access), nodes-base.postgres (database access), and nodes-base.code (arbitrary script execution).
    • Sanitization: No sanitization guidelines are provided for untrusted data processed through these nodes. This surface is inherent to n8n's functionality and is not a vulnerability of the skill itself.
  • [REMOTE_CODE_EXECUTION]: The skill provides guidance on writing JavaScript and Python logic for n8n 'Code' nodes. This is an intended and documented feature of the n8n platform, and the skill provides safe, localized examples for data transformation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 11:57 PM