n8n
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses curl to make network requests and jq to parse JSON responses. These tools are used for their intended purpose of API communication and data extraction.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it retrieves and displays data (such as workflow names and status messages) from an external n8n server. An attacker with access to that server could manipulate these fields to include instructions aimed at influencing the agent's behavior.
- Ingestion points: Data enters the agent's context through the listing of workflows and execution statuses via the n8n REST API.
- Boundary markers: The skill does not use specific delimiters or instructions to treat the data from the API as untrusted or to ignore embedded commands.
- Capability inventory: The skill is capable of network interaction and JSON parsing through subprocess calls to curl and jq.
- Sanitization: No content-level sanitization or filtering is applied to the data returned by the API before it is presented to the agent.
Audit Metadata