Trust Assessment
n8n-pto-pipeline received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Missing required field: name", "Unsanitized User Input in Telegram Messages (Markdown Injection)", and "Potential Spreadsheet Formula Injection via User Comments".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Unsanitized User Input in Telegram Messages (Markdown Injection) | The n8n workflow builds Telegram messages from Google Sheets values (`task_name`, `location`, `deadline`, `description`) without sanitization. An attacker with write access to the Google Sheet can inject Markdown (links, formatting) into these fields, which enables phishing of foremen through malicious links or misleading formatting, or defacement of the message as rendered by the Telegram client. | Escape every Sheets-sourced value before embedding it in the message. For Telegram's MarkdownV2 parse mode this means backslash-escaping every reserved character (`_`, `*`, `[`, `]`, `(`, `)`, `~`, the backtick, `>`, `#`, `+`, `-`, `=`, the pipe, `{`, `}`, `.`, `!`), not only the bracket and emphasis characters; alternatively, send the message with no parse mode so it is delivered as plain text. | LLM | SKILL.md:91 |
| HIGH | Insecure Local Tunneling for Testing Exposes Workflow | The documentation suggests `npx n8n --tunnel` for local testing. This creates a publicly reachable URL for the local n8n instance. Used with sensitive data, in a non-isolated environment, or without access controls, it exposes the workflow, its data, and any connected credentials to the public internet, allowing unauthorized access, data exfiltration, or manipulation of the workflow. The tunnel is meant for testing, but the documentation carries no warning about these implications. | Add a prominent warning about the security implications of `npx n8n --tunnel`, advising against its use with sensitive data or in production-like environments, and recommend secure alternatives for production deployment (VPN, restricted network access, or a cloud-hosted n8n instance with proper access controls). | LLM | SKILL.md:147 |
| MEDIUM | Missing required field: name | The `name` field is required for claude_code skills but is missing from the frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | skills/datadrivenconstruction/n8n-pto-pipeline/SKILL.md:1 |
| MEDIUM | Potential Spreadsheet Formula Injection via User Comments | The workflow captures foreman responses as a `comment` and presumably writes them directly back to Google Sheets. A comment that begins with a formula (e.g. `=HYPERLINK("malicious.com","Click me")` or `=IMPORTRANGE(...)`) is evaluated when the sheet is opened in a client that interprets formulas, which can exfiltrate data or trigger other functions in the spreadsheet context. This is a common weakness wherever user input is written to spreadsheets unsanitized. | Treat `comment` as untrusted text when writing it to Google Sheets: either write it with the Sheets API's `valueInputOption=RAW` so the value is stored literally, or prefix any value whose first character is `=`, `+`, `-` or `@` (the characters spreadsheet clients treat as a formula trigger) with an apostrophe (`'`) so it is stored as plain text. | LLM | SKILL.md:115 |
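The two injection findings above (Telegram Markdown injection and spreadsheet formula injection) call for the same kind of fix: escape or neutralize sheet-sourced and foreman-sourced text at the boundary where it enters the message or the sheet. The following is an added example written for this report, not code from the n8n-pto-pipeline skill, in the form it would take inside an n8n Code node. The field names (`task_name`, `location`, `deadline`, `description`) come from the finding; the sample row and the foreman reply are constructed, and the assumption that the workflow's Google Sheets node writes in `USER_ENTERED` mode (where the apostrophe guard matters) is mine.

```javascript
// Added example for the SkillShield findings above; not the skill's own code.
// Telegram MarkdownV2 reserves every character in this class and requires a
// backslash before each one in normal text. Escaping the full set, not just
// * _ [ ] ( ), is what stops an attacker-controlled cell from forming a link.
const MDV2_SPECIALS = /[_*\[\]()~`>#+\-=|{}.!\\]/g;

function escapeMarkdownV2(text) {
  return String(text ?? '').replace(MDV2_SPECIALS, (ch) => '\\' + ch);
}

// Build the foreman notification from a sheet row. The labels are fixed text
// under our control and may carry formatting; every field value is escaped.
function buildTaskMessage(row) {
  return [
    `*Task:* ${escapeMarkdownV2(row.task_name)}`,
    `*Location:* ${escapeMarkdownV2(row.location)}`,
    `*Deadline:* ${escapeMarkdownV2(row.deadline)}`,
    `*Description:* ${escapeMarkdownV2(row.description)}`,
  ].join('\n');
}

// Spreadsheet formula injection: Sheets, Excel and LibreOffice treat a cell
// starting with = + - @ (and a leading tab or CR) as a formula. Prefixing an
// apostrophe forces the client to store it as text. Writing through the Sheets
// API with valueInputOption=RAW is the stronger fix; this guard covers the
// assumed case of a node that writes in USER_ENTERED mode.
function neutralizeFormula(text) {
  const s = String(text ?? '');
  return /^[=+\-@\t\r]/.test(s) ? `'${s}` : s;
}

// Constructed sample data: a sheet row with a Markdown link smuggled into
// task_name, and a foreman reply that is a HYPERLINK formula.
const sampleRow = {
  task_name: 'Pour slab [safety briefing](https://evil.example/login)',
  location: 'Site B_2 (north)',
  deadline: '2026-02-20',
  description: 'Use mix #4; *do not* skip curing.',
};
const foremanReply = '=HYPERLINK("https://evil.example","Click me")';

// In an n8n Code node the two calls below would be applied to $input items
// before the Telegram node and before the Google Sheets append, respectively.
console.log(buildTaskMessage(sampleRow));
console.log(neutralizeFormula(foremanReply));
```

Escaping happens per value, never on the assembled message, so the labels keep their formatting while the data cannot open or close any Markdown construct; the apostrophe guard is applied once, at write time, so a legitimate comment such as "-5 degrees overnight" is preserved as text rather than rejected.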
Report: https://skillshield.io/report/4ca2dff42a32c2c8