n8n Workflow Builder
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill documentation describes workflows that ingest data from untrusted sources such as Webhooks, HTTP Requests, and Email IMAP triggers. Since the skill requests 'Bash', 'Write', and 'Edit' tools, an attacker could send malicious payloads through these ingestion points to influence the agent's behavior and trigger unauthorized actions. Evidence: 1. Ingestion points: Webhook Trigger, HTTP Request Node, Email Trigger (IMAP). 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, Edit, WebFetch tools. 4. Sanitization: Recommended as a best practice in documentation but not technically enforced in the tool configuration.
- [Command Execution] (HIGH): The skill is granted the 'Bash' tool in its frontmatter. Providing a shell execution capability to an agent that is specifically guided to fetch and process external web content constitutes a high-risk configuration that significantly increases the potential impact of an injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata