Homeassistant N8n Agent

Pass. Audited by VirusTotal on May 14, 2026.

Findings (1)

The SKILL.md instructs the OpenClaw agent to construct a `curl` command where user input (`USERS QUESTION/REQUEST`) is directly embedded into the JSON payload. This creates a severe prompt injection vulnerability, potentially leading to shell injection or JSON injection if the agent does not properly sanitize or escape the user's input before executing the `curl` command. While the intended target is `localhost:5678` (a local n8n instance), this vulnerability could allow an attacker to execute arbitrary commands on the local system where the agent is running, making it a significant security risk.