n8n-code-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows ingesting external, potentially untrusted content—e.g., using $helpers.httpRequest to fetch arbitrary URLs and processing webhook data under $json.body (SKILL.md sections "Built-in Functions & Helpers" and "Critical: Webhook Data Structure")—which the Code node is expected to read and act on as part of workflow.