n8n-expression-syntax
Pass
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: LOW (NO_CODE)
Full Analysis
- [Insecure Coding Practice] (LOW): In EXAMPLES.md, Example 2 provides an SQL query template that uses string interpolation for variables (e.g., '{{$json.data.users[0].name}}'). This pattern is vulnerable to SQL injection if the input data is not sanitized. Users should be encouraged to use parameterized queries or the built-in node functionality to handle database values safely.
- [Secret Management] (INFO): The skill explains how to use $env to access environment variables. While it correctly notes that credentials should use the official n8n credential system, the presence of instructions for accessing secrets like API_KEY and DATABASE_URL in expressions is a point of note for security-conscious workflow design.