skills/openclaw/skills/n8n-automation/Gen Agent Trust Hub

n8n-automation

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes curl to interact with the n8n REST API and jq to parse the resulting JSON data. These operations are essential for the skill's primary function of managing an automation platform and do not exhibit suspicious behavior.
  • [DATA_EXFILTRATION] (SAFE): Network activity is restricted to the user-defined $N8N_API_URL. While it involves network operations, this is the intended purpose of the skill. No evidence was found of sensitive local data being sent to unauthorized third-party domains.
  • [CREDENTIALS_UNSAFE] (SAFE): The skill identifies the need for an API key but correctly advises the user to store it in environment variables or a local configuration file. No hardcoded secrets are present in the provided file.
  • [PROMPT_INJECTION] (SAFE): A surface for Indirect Prompt Injection (Category 8) exists as the agent processes external data (workflow names and execution logs) from the n8n API. However, this is inherent to the use case.
      • Ingestion points: curl calls fetching workflow listings and execution details (e.g., /workflows, /executions).
      • Boundary markers: None present in the provided examples.
      • Capability inventory: curl (network/mutating actions), jq (data processing), echo (output).
      • Sanitization: None explicitly shown in the template commands.
    Given the intended primary purpose, this risk is considered acceptable and downgraded to SAFE.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 06:14 AM