n8n-security-testing
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions are focused on security testing procedures and do not contain any attempts to bypass agent safety filters or override system instructions.
- [CREDENTIALS_UNSAFE]: The skill contains logic and regular expressions designed to detect exposed credentials (API keys, tokens, passwords) within n8n workflows. No actual hardcoded secrets or sensitive credentials belonging to the skill or author were found.
- [EXTERNAL_DOWNLOADS]: The skill does not perform unauthorized external downloads. It includes testing functions that use fetch to interact with user-provided webhook URLs for the purpose of validating authentication and input handling.
- [DATA_EXFILTRATION]: No evidence of malicious data exfiltration was found. Network activity is limited to active security testing of specified webhook endpoints using predefined test payloads.
- [COMMAND_EXECUTION]: The skill code scans for dangerous commands and expressions (like eval, exec, spawn) within workflows but does not execute arbitrary commands itself.
- [REMOTE_CODE_EXECUTION]: The skill identifies potentially dangerous execution patterns such as eval() and Function() in expressions but does not use these methods in its own implementation.