n8n

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read the .env (exposing N8N_API_KEY/N8N_API_URL) and to ask the user to paste any missing API credentials in a single prompt, which requires the LLM to ingest secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and referenced files (e.g., references/ai-nodes.md and build-process.md) explicitly instruct ingesting external/user-provided content — webhook bodies, Apify scrapers and HTTP Request nodes — and feed fields like {{ $json.body.message }} into AI Agent/OpenAI nodes, so untrusted third‑party content can directly influence prompts and subsequent workflow actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires and at runtime fetches the credentials template URL (N8N_CREDENTIALS_TEMPLATE_URL, e.g. https://your-n8n.app.n8n.cloud/workflow/abc123) via the n8n API and copies full node configurations (which can include AI Agent system messages/prompts), so the fetched content can directly control agent prompts.