n8n-code-javascript

Provides expert guidance for writing JavaScript code in n8n Code nodes, enhancing automation and data processing capabilities.

Install this skill

or

20/100

Security score

The n8n-code-javascript skill was audited on Feb 28, 2026 and we found 22 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

medium line 408

Template literal with variable interpolation in command context

SourceSKILL.md

408	const value = `${$json.field}`;

medium line 604

Template literal with variable interpolation in command context

SourceSKILL.md

604	console.log(`Processing ${items.length} items`);

high line 675

Template literal with variable interpolation in command context

SourceSKILL.md

675	- [ ] No n8n expressions - Use JavaScript template literals: `` `${value}` ``

medium line 35

Webhook reference - potential data exfiltration

SourceSKILL.md

35	4. CRITICAL: Webhook data is under `$json.body` (not `$json` directly)

low line 171

Webhook reference - potential data exfiltration

SourceSKILL.md

171	const webhookData = $node["Webhook"].json;

low line 177

Webhook reference - potential data exfiltration

SourceSKILL.md

177	webhook: webhookData,

medium line 188

Webhook reference - potential data exfiltration

SourceSKILL.md

188	## Critical: Webhook Data Structure

medium line 190

Webhook reference - potential data exfiltration

SourceSKILL.md

190	MOST COMMON MISTAKE: Webhook data is nested under `.body`

low line 197

Webhook reference - potential data exfiltration

SourceSKILL.md

197	// ✅ CORRECT - Webhook data is under .body

low line 202

Webhook reference - potential data exfiltration

SourceSKILL.md

202	const webhookData = $input.first().json.body;

low line 203

Webhook reference - potential data exfiltration

SourceSKILL.md

203	const name = webhookData.name;

medium line 206

Webhook reference - potential data exfiltration

SourceSKILL.md

206	Why: Webhook node wraps all request data under `body` property. This includes POST data, query parameters, and JSON payloads.

medium line 208

Webhook reference - potential data exfiltration

SourceSKILL.md

208	See: [DATA_ACCESS.md](DATA_ACCESS.md) for full webhook structure details

medium line 287

Webhook reference - potential data exfiltration

SourceSKILL.md

287	Combine data from multiple APIs, webhooks, or nodes

medium line 440

Webhook reference - potential data exfiltration

SourceSKILL.md

440	### #5: Webhook Body Nesting

low line 443

Webhook reference - potential data exfiltration

SourceSKILL.md

443	// ❌ WRONG: Direct access to webhook data

low line 446

Webhook reference - potential data exfiltration

SourceSKILL.md

446	// ✅ CORRECT: Webhook data under .body

medium line 657

Webhook reference - potential data exfiltration

SourceSKILL.md

657	- Webhook → Code → API pattern

medium line 677

Webhook reference - potential data exfiltration

SourceSKILL.md

677	- [ ] Webhook data - Access via `.body` if from webhook

low line 463

External URL reference

SourceSKILL.md

463	url: 'https://api.example.com/data',

low line 542

External URL reference

SourceSKILL.md

542	url: 'https://api.example.com/data'

low line 695

External URL reference

SourceSKILL.md

695	- Luxon Documentation: https://moment.github.io/luxon/

Scanned on Feb 28, 2026

View Security Dashboard

Installation guide →

GitHub Stars 508

Rate this skill

Categorydevelopment

UpdatedMay 20, 2026

api backend data-engineer growth-marketer product-manager n8n development marketing product

Dicklesworthstone/pi_agent_rust