n8n-expression-syntax
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill instructs the agent to ingest untrusted data from webhooks and APIs and interpolate it directly into sensitive sinks without sanitization.\n
- Ingestion points: Webhook body data ($json.body in EXAMPLES.md) and external API responses ($node["HTTP Request"].json in SKILL.md).\n
- Capability inventory: Database operations (Postgres node), outgoing HTTP requests, and Slack messaging.\n
- Sanitization: No sanitization or escaping instructions are provided.\n
- Evidence: Example 2 in EXAMPLES.md demonstrates raw interpolation of user-controlled fields into a SQL INSERT statement, creating a direct surface for SQL injection attacks.\n- [Data Exposure & Exfiltration] (MEDIUM): The skill guides the agent in using sensitive environment variables like API keys in contexts where they can be easily exposed.\n
- Evidence: Example 10 in EXAMPLES.md shows an API key being placed directly into a URL query parameter (https://api.example.com/data?key={{$env.API_KEY}}), which is a high-risk practice as URL parameters are frequently logged in plain text by servers and proxies.
Recommendations
- AI detected serious security threats
Audit Metadata