n8n-workflows

Fail

Audited by Snyk on Apr 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt contains examples that embed secrets directly into commands and configs (e.g., Docker -e N8N_BASIC_AUTH_PASSWORD=, curl -H "X-N8N-API-KEY: "), which encourages an LLM to include verbatim secret values in generated outputs and thus creates exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly ingest and act on external, potentially untrusted web content — e.g., n8n-nodes-base.httpRequest examples (https://api.example.com/data, https://api.github.com/...), the Poll Trigger with url "https://api.example.com/status", and Webhook triggers that feed data into Function/IF/Switch nodes — and that content is parsed and used to drive decisions and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The MCP server config runs "npx -y @anthropic/n8n-mcp-server" at runtime, causing npx to fetch and execute a remote npm package (remote code execution dependency), which is a required runtime dependency and thus a high-risk external fetch.

Issues (3)

  W007  HIGH    Insecure credential handling detected in skill instructions.
  W011  MEDIUM  Third-party content exposure detected (indirect prompt injection risk).
  W012  MEDIUM  Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

  Risk Level: HIGH
  Analyzed:   Apr 24, 2026, 05:43 PM
  Issues:     3