n8n-workflow-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No override markers or instructions to bypass safety protocols were detected. The documentation is focused on technical workflow architecture.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths are present. The skill proactively warns against hardcoding authentication data.
- Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyph attacks were identified.
- Unverifiable Dependencies & RCE (SAFE): While the skill references 'n8n-mcp tools' and other skills as dependencies, these are described as functional requirements for the agent's environment rather than untrusted external downloads or remote execution triggers.
- Privilege Escalation (SAFE): No commands associated with acquiring higher permissions (e.g., sudo, chmod) are present.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, cron jobs, or system services were found.
- Indirect Prompt Injection (SAFE): The skill provides guidance for building workflows that handle external data (webhooks, APIs). It reduces risk by including mandatory security checklists and identifying common vulnerabilities like SQL injection as 'gotchas' to avoid.
- Dynamic Execution (SAFE): No patterns of runtime compilation, unsafe deserialization, or dynamic script generation were detected.
Audit Metadata