n8n-builder

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script scripts/n8n-api.sh that uses curl to interact with the n8n API. This facilitates the programmatic creation, execution, and management of n8n workflows.
  • [DATA_EXFILTRATION]: The credentials and list commands in the API helper script provide the agent with metadata about the n8n instance, including names of workflows and a list of configured external service connections. While secret keys are not exposed, this metadata can be sensitive.
  • [PROMPT_INJECTION]: The skill's primary function as an automation builder introduces a surface for indirect prompt injection.
      • Ingestion points: User-provided automation requests are used to generate workflow JSON (SKILL.md).
      • Boundary markers: The skill lacks delimiters or specific instructions to ensure that user input is treated as untrusted data during the JSON generation process.
      • Capability inventory: Through the scripts/n8n-api.sh script, the agent can deploy and trigger workflows that may contain arbitrary code execution nodes or network request nodes.
      • Sanitization: The skill does not implement any validation or sanitization of the generated workflow JSON to prevent the creation of malicious logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 01:52 PM