n8n-gen
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches workflow templates from n8n.io, which is a well-known service. This action is part of the skill's primary function to research existing automation patterns and provide architectural context.
- [COMMAND_EXECUTION]: The installation process involves running pnpm and Playwright installation commands, which are standard for the required headless browser environment used for template acquisition.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from an external source (n8n.io).
  - Ingestion points: Scrapes JSON workflows from the public n8n.io/workflows repository via src/search.js.
  - Boundary markers: No explicit delimiters or ignore-instructions warnings are defined for the ingested data.
  - Capability inventory: The skill writes JSON files and Markdown documentation to the local filesystem (n8n_references/ and n8n_output/). There is no evidence that it executes the ingested JSON.
  - Sanitization: Filenames are sanitized for safety, but the skill lacks explicit sanitization of the workflow content during the synthesis step.
Audit Metadata