n8n-skills
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behaviors, prompt injections, or obfuscated content were detected across the 82 files. The skill serves as a static knowledge base for n8n automation.
- Indirect Prompt Injection (LOW): The skill documents an attack surface by describing nodes that ingest untrusted data (Webhooks) and execute high-privilege operations (Code nodes, HTTP requests).
- Ingestion points: resources/trigger/nodes-base.webhook.md, resources/trigger/nodes-base.airtableTrigger.md, and other trigger nodes.
- Boundary markers: Documentation examples do not explicitly include boundary markers for untrusted input.
- Capability inventory: n8n 'Code' and 'Function' nodes (resources/transform/nodes-base.code.md, resources/transform/nodes-base.function.md) allow arbitrary JavaScript and Python execution within the n8n environment; 'HTTP Request' (resources/output/nodes-base.httpRequest.md) allows network operations.
- Sanitization: Documentation focuses on functionality; sanitization of user-provided data is not the primary focus of the provided guides.
- Note: This finding reflects the nature of the software being documented (n8n), rather than a vulnerability in the skill itself.