n8n-expression-syntax
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection by detailing how to process untrusted data from webhooks. Ingestion points: Data from Webhook nodes accessed via the $json.body property as documented in SKILL.md. Boundary markers: No specific delimiters or safety instructions are provided to ignore embedded commands. Capability inventory: The guide demonstrates using this data in Slack, Email, and HTTP nodes. Sanitization: No guidance is provided for sanitizing or escaping external content before use.
- [DATA_EXFILTRATION]: The guide includes instructions that could lead to sensitive data exposure. Evidence: Specifically demonstrates how to access $env.API_KEY and $env.DATABASE_URL within expressions.
- [NO_CODE]: The analyzed skill consists entirely of markdown documentation and does not ship with any executable code, scripts, or binary files.
Audit Metadata