n8n-code-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs Code nodes to fetch and process arbitrary public third‑party content (e.g., $helpers.httpRequest() in BUILTIN_FUNCTIONS.md and multi‑source aggregation examples that parse Reddit, Hacker News, and RSS in COMMON_PATTERNS.md and SKILL.md), meaning untrusted user‑generated content can be read and materially influence workflow behavior.