n8n
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill interacts with the n8n REST API, creating an indirect prompt injection surface where malicious data in workflow names or execution outputs could influence agent behavior.
- Ingestion points:
scripts/n8n_api.pyfetches data vialist_workflows,get_workflow, andlist_executionsendpoints. - Boundary markers: Absent; the script returns raw JSON output directly to the agent without delimiters or safety headers.
- Capability inventory:
scripts/n8n_api.pycan create, update, and delete workflows, as well as trigger executions with custom data payloads. - Sanitization: None; the tool assumes the API return data is trusted and does not sanitize strings before presenting them to the LLM.
- Category 2: Data Exposure (SAFE): The skill correctly uses environment variables (
N8N_API_KEY) for authentication and includes only placeholders in its documentation. No hardcoded credentials were detected.
Audit Metadata