n8n

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill contains webhook handlers and httpRequest/code nodes that ingest and process external, user-provided or public web content (e.g., "Webhook" and "GitHub Webhook" nodes, httpRequest/code nodes that fetch arbitrary URLs like https://api.example.com, and GitHub/Community integrations), so untrusted third-party data is read and interpreted as part of workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a general-purpose workflow platform, but the documentation includes explicit payment-processing workflows and nodes that send payment transactions (e.g., "Process High Value" and "Process Normal" httpRequest nodes calling https://api.payment.com/process with order_id and amount, webhook handlers for payment events, and payment-filtering/response logic). Those examples show direct transaction calls to a payment API (i.e., sending payment requests), which is an explicit financial-execution capability rather than a purely generic automation example. Therefore it meets the criterion for Direct Financial Execution.