n8n-code-javascript
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override system prompts or bypass safety guardrails.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or suspicious network exfiltration patterns were identified. The mention of
$helpers.httpRequest()is consistent with the primary purpose of n8n automation. - [Obfuscation] (SAFE): No encoded content (Base64), zero-width characters, or homoglyphs were detected.
- [Remote Code Execution] (SAFE): No mechanisms for downloading or executing untrusted external scripts. The skill references standard n8n platform modules like Luxon.
- [Command Execution] (SAFE): No dangerous shell commands or privilege escalation attempts (e.g., sudo) were found.
- [Indirect Prompt Injection] (LOW): While the skill describes processing external data (e.g., webhook bodies), it provides instructions for programmatic data transformation within a sandboxed environment (n8n), not for the LLM to execute untrusted instructions.
Audit Metadata