n8n-mcp-tools-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes user requirements into n8n workflows that can execute code and perform network operations, creating a high-severity attack surface.
- Ingestion points: User instructions for workflow logic and configuration described across all guide files.
- Boundary markers: Absent; no specific instructions for delimiters or safety prompts for the agent when processing user input.
- Capability inventory: Tools for creating and updating workflows (n8n_create_workflow, n8n_update_partial_workflow) which modify the production state of an automation server.
- Sanitization: Partial; 'Auto-Sanitization' is mentioned for structural technical issues, but logic-level security scanning is not defined for the resulting automation.
- [Unverifiable Dependencies] (MEDIUM): The README.md identifies a dependency on 'n8n-mcp tools' (40+ tools). These tools are external to the skill and their implementation cannot be verified within this context, as the source is not listed among the Trusted External Sources.
Recommendations
- AI detected serious security threats
Audit Metadata