n8n-v2
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No evidence of attempts to override agent behavior or bypass safety filters. Instructional language such as 'IMPORTANT' or 'CRITICAL' is used exclusively for technical guidance and troubleshooting.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, secrets, or sensitive file paths were detected. API interaction examples use standard placeholders or environment variables ($TOKEN). Network operations target legitimate endpoints (LinkedIn, Anthropic, NewsAPI, Hacker News).
- [Obfuscation] (SAFE): All content, including JavaScript code snippets and JSON templates, is human-readable and contains no encoded strings, hidden characters, or homoglyphs.
- [Unverifiable Dependencies & Remote Code Execution (RCE)] (SAFE): The skill does not perform any external package installations or execute remote scripts. JavaScript logic is contained within standard n8n Code node snippets intended for the n8n execution environment.
- [Indirect Prompt Injection] (LOW): The skill provides templates for aggregating news and RSS feeds. Processing external data is an inherent surface for indirect injection, but the skill advocates best practices such as 'Wait nodes' for human-in-the-loop review to mitigate the risk.
- [Dynamic Execution] (SAFE): JavaScript snippets provided are for data transformation and ranking within n8n. No unsafe deserialization (e.g., pickle) or runtime code generation from untrusted sources was found.
Audit Metadata