n8n-workflow-patterns

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). Yes — a Google Drive uc?export=download link can host any file (including executables) from personal accounts and is commonly used to distribute malware or obscure origin, so it should be treated as high risk unless the sender and file are verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs workflows that ingest and act on untrusted external content — e.g., HTTP Request nodes calling public APIs (http_api_integration.md), Webhook triggers receiving arbitrary user POSTs (webhook_processing.md), and AI Agent tools that perform web/search calls (ai_agent_workflow.md mentions Serper/Wikipedia/HTTP tools) — and the agent is expected to read/interpret those results and use them to decide or invoke tools.