n8n-security-testing

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted workflow JSON and execution logs without boundary markers or sanitization.
    • Ingestion points: Workflow data is read via getWorkflow and getRecentExecutions in SKILL.md.
    • Boundary markers: No delimiters are used to isolate untrusted data from the agent's instructions.
    • Capability inventory: The agent can perform network requests and report on sensitive credentials.
    • Sanitization: No validation is applied to ingested content.
  • [COMMAND_EXECUTION]: The testWebhookInputValidation function in SKILL.md implements the capability to send attack strings, such as "; rm -rf /" and "../../../etc/passwd", to external endpoints. Although intended for validation, this provides a mechanism for the agent to generate and transmit malicious injection payloads.
  • [DATA_EXFILTRATION]: The skill uses regular expressions to extract highly sensitive credentials (AWS keys, Slack tokens, Bearer tokens, etc.) from workflows and logs. The use of fetch to interact with user-provided webhook URLs further creates a risk of data exposure to non-whitelisted domains.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 07:38 AM