n8n

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes CLI examples that pass credential values directly as command-line arguments (e.g., --data '{"name":"X-API-Key","value":"secret"}'), which would require the agent to embed secret values verbatim in generated commands or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the n8n API/CLI to fetch full execution data (e.g., via "uvx n8n-client execution <execution_id> --data --json" and runData.Webhook[...] which includes webhook payloads and node outputs), so the agent will read and interpret arbitrary/untrusted third-party or user-generated content coming into the n8n instance.