n8n-extending-mcp

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill introduces a surface for Indirect Prompt Injection by instructing the agent to create and invoke workflows that process external inputs.
      • Ingestion points: The Execute Workflow Trigger in created workflows serves as an entry point for untrusted data (SKILL.md).
      • Boundary markers: The protocol for workflow creation does not define specific delimiters or instructions to ignore embedded commands within the generated tool's logic (SKILL.md).
      • Capability inventory: Generated workflows can perform network operations via HTTP Request nodes and execute arbitrary internal logic. Additionally, the skill enables the agent to modify local project configuration files such as CLAUDE.md, AGENTS.md, or GEMINI.md to register new tools (SKILL.md).
      • Sanitization: The instructions do not mandate input sanitization or validation within the generated workflows to prevent malicious content from influencing the agent's logic or subsequent steps.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 01:48 PM