n8n

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows workflows that perform HTTP requests to external URLs and receive arbitrary webhook payloads (e.g., "HTTP Request" nodes, webhook "alert" examples) and the MCP tools include get_execution/trigger_webhook which return/ingest execution input/output, so the agent would read and act on untrusted third-party content coming from public webhooks/APIs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The .codebuddy/mcp.json entry runs "npx -y @czlonkowski/n8n-mcp", which will fetch and execute remote npm package code at runtime and is required for the skill's MCP tools, so it constitutes a runtime external dependency that executes remote code.