Security audit

N8n Workflow Automation Litiao

Security checks across malware telemetry and agentic risk

Overview

This skill is a non-executable guide for designing safer n8n workflows and its sensitive behaviors are disclosed, user-directed, and proportionate.

Review generated n8n workflow JSON before importing it, keep workflows inactive until checked, use least-privilege credentials, and avoid logging secrets or unnecessary sensitive data in audit logs or review queues.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Instruction Override

High

Category: Prompt Injection
Content: - Instrument this workflow with audit logs and a human approval step. - DO NOT USE WHEN… - You need code-only automation without n8n (use a scripting/CI skill). - You need to bypass security controls or hide audit trails. - You need to purchase or recommend prohibited items/services. ## INPUTS
Confidence: 90% confidence
Finding: bypass security

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.