n8n-mcp-tools-expert
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill facilitates the ingestion of external data (node metadata and templates in SEARCH_GUIDE.md) and instructs the agent to use this information with high-privilege tools capable of modifying workflows (VALIDATION_GUIDE.md: n8n_autofix_workflow, workflow creation/updates). This combination creates a High-Tier vulnerability surface as defined in the Adversarial Reasoning Framework.
- Ingestion points: search_nodes and get_node tools.
- Boundary markers: Absent; no instructions are provided to delimit or ignore instructions within external data.
- Capability inventory: Tools for workflow creation, update, and automatic fixing.
- Sanitization: Absent for security purposes; the described auto-sanitization system only addresses technical configuration logic, not malicious instructions.
Recommendations
- AI detected serious security threats
Audit Metadata