node-red
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Python scripts for managing Node-RED flow files, such as generating IDs and validating JSON structure. It also describes the use of CLI tools like curl for interacting with the Node-RED Admin API.
- [EXTERNAL_DOWNLOADS]: The documentation and templates provided contain examples of network operations using HTTP, MQTT, and WebSocket protocols. These are standard integration patterns for Node-RED and are presented neutrally.
- [REMOTE_CODE_EXECUTION]: The skill provides reusable JavaScript patterns for Node-RED function nodes. This is the core functionality of the platform and is used here to facilitate legitimate automation tasks.
- [PROMPT_INJECTION]: The skill includes instructions to parse and modify flows.json files, which represents an indirect prompt injection surface if the files contain malicious metadata, though no actual malicious instructions were detected.
Audit Metadata