n8n-code-javascript
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill identifies a surface for processing untrusted data from external sources.
  - Ingestion points: The README explicitly discusses processing data from webhooks ($json.body) and other workflow nodes.
  - Boundary markers: No specific delimiters (e.g., XML tags) or instructions to ignore embedded commands are mentioned in the provided overview.
  - Capability inventory: The skill documents the use of $helpers.httpRequest() for network operations and various Node.js modules for data transformation.
  - Sanitization: The guidance includes 'Error Prevention' such as null checks and return format validation, which helps prevent accidental crashes from malformed data.
- Data Exposure & Network Operations (SAFE): While the skill documents the use of $helpers.httpRequest(), this is a standard feature of the n8n platform. There are no patterns suggesting data exfiltration or unauthorized access to sensitive files.
- Remote Code Execution (SAFE): The skill's primary purpose is to teach users how to write code for the n8n platform. It does not download or execute untrusted third-party scripts.
Audit Metadata