n8n-workflow-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scheduled_tasks.md` file provides a code example using the Node.js `child_process` module to execute system-level commands, such as `pg_dump` for database backups. This pattern allows for arbitrary command execution if parameters are not strictly validated.
- [REMOTE_CODE_EXECUTION]: The skill describes an 'AI Agent' pattern where an LLM dynamically generates SQL queries that are passed directly to database nodes for execution. This creates a high-risk surface for LLM-driven code execution.
  - Evidence: Examples in `ai_agent_workflow.md` and `database_operations.md` show queries configured as `{{$json.sql}}`, where the SQL is provided by the AI agent output.
- [PROMPT_INJECTION]: The skill defines an architecture for processing untrusted external data through AI agents, which is vulnerable to indirect prompt injection.
  - Ingestion points: `webhook_processing.md` (incoming HTTP request bodies) and `ai_agent_workflow.md` (retrieved data from vector stores/document loaders).
  - Boundary markers: The provided system prompt templates in `ai_agent_workflow.md` do not include explicit instruction-isolation delimiters or 'ignore' safeguards for processing external data.
  - Capability inventory: The workflows have access to SQL execution (`database_operations.md`), shell command execution (`scheduled_tasks.md`), and external network requests (`http_api_integration.md`).
  - Sanitization: The skill recommends using read-only database users and provides logic for scanning AI-generated SQL for dangerous keywords like 'DROP' or 'DELETE' in `ai_agent_workflow.md`.
Audit Metadata