n8n-binary-and-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted user-uploaded files from the chat trigger (files[]), and AGENT_TOOL_BINARY.md / SKILL.md require using passthroughBinaryImages and having the LLM read those files and then decide/call tools (via fromAi keys), so user-generated content can be read and materially influence agent tool use.