n8n-core-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and process data from arbitrary n8n instances (e.g., numerous curl examples and patterns calling "<BASE_URL>/api/v1/workflows", "/executions", and "/credential-types/:typeName"), which are user-hosted/public API endpoints whose untrusted, user-generated content the agent must read and which can directly change subsequent actions (retry/activate/stop workflows); therefore it exposes the agent to indirect prompt-injection risk.