n8n

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill makes runtime HTTP calls to the user-supplied N8N_BASE_URL (e.g., ${N8N_BASE_URL}/api/v1) and explicitly calls endpoints like POST /workflows/{id}/execute, which will trigger execution of remote n8n workflows (i.e., execute remote code), so the external base URL is a required runtime dependency that can execute code.