n8n-agents-review
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a diagnostic framework designed to identify security and logic anti-patterns in n8n environments. It does not contain any malicious instructions or unexpected behavior.
- [CREDENTIALS_UNSAFE]: The skill contains a mock API key ('sk-1234567890abcdef') within its reference examples. This key is part of a 'BAD' code example specifically intended to demonstrate the risks of hardcoding credentials, making it an educational placeholder rather than a functional secret.
- [PROMPT_INJECTION]: The skill establishes a potential surface for indirect prompt injection by processing untrusted project files.
  * Ingestion points: n8n workflow JSON files, custom node source code (.node.ts), and credential definitions (.credentials.ts).
  * Boundary markers: Absent; the review instructions do not specify the use of delimiters for the artifacts being analyzed.
  * Capability inventory: Standard file system access for project auditing.
  * Sanitization: None; the skill analyzes file content directly to identify patterns.
Audit Metadata