n8n-skills
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: A hardcoded API key for the Freepik service was discovered within the 'AI content generation for Auto Service' workflow template. Verbatim: 'x-freepik-api-key': 'FPSX38a53a81a693e71a0e9437a657de6342'. File: resources/templates/ai-chatbots/4600--ai-content-generation-for-auto-service-automate-your-social.md.
- [DATA_EXFILTRATION]: Hardcoding active service credentials in documentation files constitutes significant sensitive data exposure.
- [PROMPT_INJECTION]: Multiple templates define AI agents that ingest untrusted external data and interpolate it directly into system prompts, creating an indirect prompt injection surface. Evidence chain: 1. Ingestion points: Gmail (resources/templates/ai-chatbots/4722-gmail-ai-email-manager.md), WhatsApp (resources/templates/ai-chatbots/4827-ai-powered-whatsapp-chatbot-for-text-voice-images-and-pdf-wi.md), and Telegram (resources/templates/communication/8237-personal-life-manager-with-telegram-google-services-voice-en.md). 2. Boundary markers: Absent in most template prompt logic. 3. Capability inventory: Workflows utilize nodes for network requests (output/nodes-base.httpRequest.md), social media publishing (output/nodes-base.twitter.md), and file storage (input/nodes-base.googleDrive.md). 4. Sanitization: Absent; external variables like '{text}' are used directly without filtering.
Recommendations
- AI detected serious security threats
Audit Metadata