n8n-syntax-trigger-nodes
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill consists of architectural guidance and code templates for n8n v1.x node development.\n- [PROMPT_INJECTION]: The skill documents the creation of webhook and polling triggers, which are surfaces for processing untrusted external data. It explicitly addresses this risk by providing security best practices (e.g., AP-11 in references/anti-patterns.md) and implementation examples (Example 4 in references/examples.md) that detail how to validate incoming requests via signatures and headers before workflow execution.\n
- Ingestion points: Webhook body, headers, query parameters, and polling API responses are documented as inputs in references/methods.md and SKILL.md.\n
- Boundary markers: The documentation recommends implementing checkExists and custom validation logic to filter untrusted input.\n
- Capability inventory: The documented trigger nodes initiate workflows using this.emit() and can perform network operations via this.helpers.httpRequest, as shown in references/examples.md.\n
- Sanitization: The skill provides patterns for signature verification and status-based rejection of unauthenticated requests in its examples and anti-pattern guidance.
Audit Metadata