Trust Assessment
n8n-cost-estimation received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Command Injection via unsanitized file path, Prompt Injection via unsanitized input in LLM prompt.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via unsanitized file path The 'File Conversion Node' constructs a shell command using an input file path (`$input.first().json.file_path`) without proper sanitization. An attacker could inject malicious shell metacharacters into the `file_path` to execute arbitrary commands on the host system where the n8n workflow is running. Implement robust input validation and sanitization for `filePath` to ensure it only contains expected characters and does not include shell metacharacters. If possible, use a safer method for executing external programs that passes arguments as an array rather than interpolating directly into a shell string. | LLM | SKILL.md:50 | |
| HIGH | Prompt Injection via unsanitized input in LLM prompt The 'LLM Classification' node constructs a prompt for an LLM by directly interpolating user-controlled data (`$input.first().json.category` and `$input.first().json.items`). An attacker could craft malicious input within these fields to manipulate the LLM's behavior, leading to unintended actions, data leakage, or generation of harmful content. Sanitize all user-controlled inputs before interpolating them into LLM prompts. Consider using techniques like input validation, escaping special characters, or explicitly instructing the LLM to ignore conflicting instructions within the user input. For structured data, pass it as a separate parameter to the LLM API if supported, rather than embedding it directly in the prompt string. | LLM | SKILL.md:74 | |
| HIGH | Cross-Site Scripting (XSS) in HTML report generation The 'Generate Report' node constructs an HTML string by directly interpolating user-controlled data (e.g., `row.element`) without proper HTML escaping. If an attacker can control the input data (e.g., through the CAD file), they could inject malicious HTML or JavaScript into the report. When this report is viewed in a browser, the injected script could execute, leading to Cross-Site Scripting (XSS) attacks, potentially exfiltrating data or performing unauthorized actions. Sanitize all user-controlled data before interpolating it into HTML. Use an HTML-escaping library or function (e.g., `DOMPurify` or a custom function that escapes `<`, `>`, `&`, `'`, `"`) to convert special HTML characters into their entity equivalents. | LLM | SKILL.md:140 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/n8n-cost-estimation/SKILL.md:1 | |
| MEDIUM | Unpinned dependency in 'Vector Search' node The 'Vector Search in CWICR' node uses the `@qdrant/js-client-rest` library without specifying a pinned version. This introduces a supply chain risk, as a future update to the library could introduce vulnerabilities or breaking changes. It also makes the workflow susceptible to typosquatting attacks if the package name is misspelled. Pin the dependency to a specific version (e.g., `require('@qdrant/js-client-rest@1.2.3')`) to ensure deterministic builds and prevent unexpected changes. Regularly review and update dependencies, and use dependency scanning tools to monitor for known vulnerabilities. | LLM | SKILL.md:97 |
Scan History
Embed Code
[](https://skillshield.io/report/a5131804151dd326)
Powered by SkillShield