NYC

n8n-mcp-tools-expert

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): High risk of indirect prompt injection because the agent processes untrusted external data and has powerful write capabilities to modify n8n workflows.
      • Ingestion points: Tools like search_nodes and n8n_get_workflow (referenced in SEARCH_GUIDE.md and WORKFLOW_GUIDE.md) pull data from an external n8n instance into the agent's context.
      • Boundary markers: No instructions for using delimiters or boundary markers when handling data returned from n8n tools are present in the guides.
      • Capability inventory: The agent can create (n8n_create_workflow) and modify (n8n_update_partial_workflow) workflows, which effectively allows for the execution of logic and data movement within the n8n environment.
      • Sanitization: The guides lack instructions for the agent to sanitize or validate the content of retrieved workflows or logs before using them to make decisions or execute further commands.
  • [Command Execution] (MEDIUM): The documented tools provide the ability to modify executable logic (n8n nodes and connections) within an external environment, which could be exploited if the agent is misled by malicious data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 11:12 PM