n8n-code-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly shows and instructs making HTTP requests via $helpers.httpRequest() and processing webhook payloads (webhook data under .body in "Critical: Webhook Data Structure"), which means the Code node is expected to ingest and act on untrusted external API/webhook content at runtime.