n8n-validation-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external data with write capabilities.
      • Ingestion points: The skill ingests untrusted data from n8n workflow configurations and validation error outputs through tools like validate_node_operation and validate_workflow (referenced in README.md).
      • Boundary markers: No explicit boundary markers or delimiters for untrusted data are mentioned in the provided documentation, increasing the risk of the agent obeying instructions embedded in the workflow data.
      • Capability inventory: The skill utilizes the n8n_autofix_workflow tool, which has the capability to modify the state of the workflow (Write capability).
      • Sanitization: There is no evidence of sanitization or filtering of the n8n workflow content (node names, expressions, or descriptions) before it is processed by the agent.
      • Adversarial Risk: A malicious workflow could contain instructions within its metadata or node properties designed to manipulate the agent during the 'Validation Loop,' potentially leading to unauthorized modifications or decision-making biases.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:53 AM