n8n-automation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill references n8n nodes with high-privilege capabilities, including
Execute Commandfor running shell commands andSSHfor remote command execution as listed inreferences/n8n-nodes-masterlist.md. - [REMOTE_CODE_EXECUTION]: Documentation includes references to
CodeandFunctionnodes which allow for the execution of custom JavaScript and Python within workflows. - [EXTERNAL_DOWNLOADS]: The automation guide in
references/n8n-workflow-automation-guide.mdprovides instructions for installing n8n vianpm installanddocker run, which involves downloading software from external registries. - [DATA_EXFILTRATION]: The skill describes workflows involving
HTTP Requestnodes and webhooks, which create an attack surface for data exfiltration if workflows are improperly configured with sensitive data. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection within n8n workflows.
- Ingestion points: Data enters the agent context via Webhook, HTTP Request, and various app-specific trigger nodes documented in
references/n8n-nodes-masterlist.md. - Boundary markers: The prompt templates in
references/n8n-ai-agent-prompt-formula.mdlack explicit delimiters or instructions to ignore embedded commands within interpolated variables. - Capability inventory: High-privilege nodes like
Execute Command,SSH, andCodeare documented. - Sanitization: No explicit sanitization logic is demonstrated in the provided examples to handle untrusted input.
Audit Metadata