n8n-validation-expert

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external data (n8n node configurations and workflow definitions) and has the capability to modify that data, creating a risk surface for adversarial instructions.
      • Ingestion points: validate_node_operation (takes a config object) and n8n_autofix_workflow (takes workflow data) in README.md examples.
      • Boundary markers: No explicit instruction delimiters or 'ignore embedded instructions' warnings are mentioned for the data being processed.
      • Capability inventory: The skill utilizes tools like n8n_autofix_workflow with applyFixes: true, which grants the agent write-access to modify the structure of automated workflows.
      • Sanitization: The documentation does not specify any sanitization, escaping, or validation logic to ensure that configuration values do not contain malicious natural language instructions.
  • Command Execution (MEDIUM): The skill documentation describes an 'Auto-Sanitization System' that automatically fixes operator structure issues and workflow metadata. While marketed as a feature, the automated modification of execution logic based on potentially untrusted input is a sensitive capability that requires strict constraints.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:17 AM