The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions for the agent to execute curl commands to interact with the n8n REST API. These commands are used for standard operations such as creating, updating, and activating workflows as documented in SKILL.md and references/api-reference.md.
[DATA_EXPOSURE]: The skill requires reading configuration data and API keys from a local .env file. This is a recognized safe practice for managing credentials in local automation environments and does not constitute a security risk.
[PROMPT_INJECTION]: The skill processes data from external webhooks and n8n API outputs (documented in references/expressions.md), which represents an indirect prompt injection surface. This is a functional requirement for automation tools, and the skill provides guidance on safe data access patterns such as optional chaining.
Ingestion points: Webhook payload data (under the .body key) and n8n API response data.
Boundary markers: The instructions distinguish between static strings and dynamic expressions using {{ }} delimiters.
Capability inventory: Shell command execution via curl restricted to the n8n API scope.
Sanitization: Employs jq for robust parsing of structured API responses.
[SAFE]: All external services referenced (including Slack, Google Sheets, OpenAI, and Anthropic) are well-known technology providers, and the skill's operations align with its stated purpose of n8n workflow management.

n8n