n8n-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references standard, well-known Python libraries for document manipulation (python-docx, openpyxl, python-pptx, reportlab, jinja2) and the official n8n Docker image (n8nio/n8n) for deployment.
  • [COMMAND_EXECUTION]: The documentation provides standard setup commands for environment preparation using pip install and docker run. These commands target legitimate, well-known software sources.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external files (e.g., PDF processing in the 'Contract Review Pipeline'), which introduces a surface for indirect prompt injection.
    1. Ingestion points: localFileTrigger and readPdf nodes mentioned in SKILL.md.
    2. Boundary markers: No explicit delimiters or instructions to ignore instructions within ingested data are present in the example prompt.
    3. Capability inventory: The skill has the ability to read local files, process text via AI models, and write results to files or external services (Slack).
    4. Sanitization: No evidence of content sanitization or validation is provided for the document ingestion steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:18 AM