no-code-pipelines

The code is a legitimate-looking n8n workflow that reads HubSpot contact data and forwards contact PII to an external service (Personize) via a hard-coded API endpoint. There is no evidence of obfuscation, dynamic code execution, or classic malware techniques. The primary security risk is privacy and data-exfiltration: unredacted PII is sent to a third-party service. Confirm that this data transfer is intended, that legal/consent/compliance requirements are met, and that the Personize endpoint is trusted and properly secured. Also verify that the referenced credentials are stored securely and that n8n logging/retention settings do not leak PII. If the transfer is not intended, remove or modify the HTTP node before deployment.