n8n-expression-syntax

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
NO_CODE
Full Analysis
  • NO_CODE (SAFE): The skill package contains only Markdown documentation files (README.md, SKILL.md, COMMON_MISTAKES.md, EXAMPLES.md). No executable code, shell scripts, or package manager configuration files were detected.
  • DATA_EXPOSURE (INFO): The instructions describe how to access environment variables using the {{$env.API_KEY}} and {{$env.DATABASE_URL}} syntax. While this is standard n8n functionality, it highlights a capability for the agent to access sensitive environment data.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill teaches the agent to ingest and interpolate untrusted data from webhook bodies ({{$json.body.*}}) into other nodes (e.g., Slack or HTTP Requests). This identifies a vulnerability surface for indirect prompt injection if the ingested data is not properly sanitized, which is a risk inherent to the n8n platform rather than the skill's content.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 05:55 AM