Skills
skills/czlonkowski/n8n-skills/n8n-mcp-tools-expert/Gen Agent Trust Hub

n8n-mcp-tools-expert

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructional markers (e.g., 'IMPORTANT — Always consult this skill') to prioritize its use when n8n-related tasks are identified. These are standard task-prioritization guidelines and do not attempt to bypass safety filters or extract system prompts.
  • [INDIRECT_PROMPT_INJECTION]: The skill documents an attack surface where the agent interacts with potentially untrusted external data.
  • Ingestion points: The n8n_deploy_template and search_templates tools fetch workflow configurations from a remote library, while n8n_manage_datatable processes external data rows.
  • Boundary markers: The instructions do not explicitly mandate the use of delimiters or 'ignore embedded instructions' warnings when processing downloaded template content.
  • Capability inventory: The agent is guided to use n8n_update_partial_workflow (which can modify executable Code nodes), n8n_manage_credentials (managing secrets), and n8n_test_workflow (triggering logic).
  • Sanitization: No specific sanitization or escaping of external content before interpolation into workflow parameters is described in the guides.
  • [COMMAND_EXECUTION]: The skill provides instructions for the n8n_create_workflow and n8n_update_partial_workflow tools to define and modify n8n 'Code' nodes. These nodes allow the execution of arbitrary JavaScript or Python code on the n8n host environment as part of automated workflows.
  • [EXTERNAL_DOWNLOADS]: The skill documents the n8n_deploy_template tool which retrieves workflow configurations from the n8n.io template library. This is a well-known service within the n8n ecosystem and is considered a safe source.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 01:43 PM