n8n
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides patterns for building AI agent workflows that process data from external sources (webhooks, API responses), which creates a surface for indirect prompt injection.
- Ingestion points: Webhook and HTTP Request nodes described in SKILL.md and examples/n8n_workflow_examples.js.
- Boundary markers: No specific delimiters or boundary warnings are provided in the agent prompt examples.
- Capability inventory: The skill documents capabilities for shell command execution via the 'Execute Command' node and network operations via 'fetch' and 'this.helpers.request' as seen in SKILL.md and examples/n8n_custom_node.ts.
- Sanitization: The skill includes an explicit 'validateInputData' example in examples/n8n_workflow_examples.js.
- [COMMAND_EXECUTION]: The skill documents the 'Execute Command' node which allows for system-level operations. It explicitly warns that this is a security risk and advises restricting its usage to authorized users.
- [EXTERNAL_DOWNLOADS]: The documentation references standard and well-known libraries such as lodash, luxon, pandas, and requests. These are standard dependencies within the n8n environment for data transformation and analysis.
- [CREDENTIALS_UNSAFE]: The deployment configuration in examples/n8n_deployment.yaml uses clearly labeled placeholders for sensitive variables (e.g., 'secure_password', 'n8n_password', 'your_secret_encryption_key_here') rather than hardcoded production secrets.
Audit Metadata