n8n-code-python
Guides users in writing Python code for n8n Code nodes, emphasizing best practices and limitations for effective data processing.
Install this skill
Security score
The n8n-code-python skill was audited on May 12, 2026 and we found 16 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 54 | 4. **CRITICAL**: Webhook data is under `_json["body"]` (not `_json` directly) |
Webhook reference - potential data exfiltration
| 223 | webhook_data = _node["Webhook"]["json"] |
Webhook reference - potential data exfiltration
| 229 | "webhook": webhook_data, |
Webhook reference - potential data exfiltration
| 240 | ## Critical: Webhook Data Structure |
Webhook reference - potential data exfiltration
| 242 | **MOST COMMON MISTAKE**: Webhook data is nested under `["body"]` |
Webhook reference - potential data exfiltration
| 249 | # ✅ CORRECT - Webhook data is under ["body"] |
Webhook reference - potential data exfiltration
| 254 | webhook_data = _json.get("body", {}) |
Webhook reference - potential data exfiltration
| 255 | name = webhook_data.get("name") |
Webhook reference - potential data exfiltration
| 258 | **Why**: Webhook node wraps all request data under `body` property. This includes POST data, query parameters, and JSON payloads. |
Webhook reference - potential data exfiltration
| 260 | **See**: DATA_ACCESS.md for full webhook structure details |
Webhook reference - potential data exfiltration
| 544 | ### #5: Webhook Body Nesting |
Webhook reference - potential data exfiltration
| 547 | # ❌ WRONG: Direct access to webhook data |
Webhook reference - potential data exfiltration
| 550 | # ✅ CORRECT: Webhook data under ["body"] |
Webhook reference - potential data exfiltration
| 730 | - [ ] **Webhook data** - Access via `["body"]` if from webhook |
Base64 decode operation
| 584 | encoded = base64.b64encode(data).decode() |
Base64 decode operation
| 585 | decoded = base64.b64decode(encoded) |