n8n-binary-and-data
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard instructional content for n8n workflow development, following established platform patterns for binary data management.
- [DATA_EXPOSURE]: The documentation includes explicit security guidance to prevent data exposure, such as recommending private storage buckets for user-uploaded content, implementing signed URLs with expiration for sensitive data, and using deterministic hashes instead of user-supplied filenames to mitigate path traversal risks.
- [COMMAND_EXECUTION]: JavaScript code examples for n8n Code nodes utilize standard, benign Node.js APIs for buffer manipulation (
Buffer.from) and data hashing (crypto.createHash), which are typical for file processing tasks. - [INDIRECT_PROMPT_INJECTION]: The skill identifies and addresses the attack surface of indirect prompt injection by instructing developers to use strict boundary markers and non-malleable identifiers (hashes) when referencing external files in agent prompts, and by specifying clear tool descriptions to guide model behavior.
Audit Metadata