n8n-code-python
Guides users in writing Python code for n8n Code nodes, emphasizing best practices and limitations for effective data processing.
Install this skill
Security score
The n8n-code-python skill was audited on Mar 7, 2026 and we found 16 security issues across 2 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Webhook reference - potential data exfiltration
| 52 | 4. **CRITICAL**: Webhook data is under `_json["body"]` (not `_json` directly) |
Webhook reference - potential data exfiltration
| 221 | webhook_data = _node["Webhook"]["json"] |
Webhook reference - potential data exfiltration
| 227 | "webhook": webhook_data, |
Webhook reference - potential data exfiltration
| 238 | ## Critical: Webhook Data Structure |
Webhook reference - potential data exfiltration
| 240 | **MOST COMMON MISTAKE**: Webhook data is nested under `["body"]` |
Webhook reference - potential data exfiltration
| 247 | # ✅ CORRECT - Webhook data is under ["body"] |
Webhook reference - potential data exfiltration
| 252 | webhook_data = _json.get("body", {}) |
Webhook reference - potential data exfiltration
| 253 | name = webhook_data.get("name") |
Webhook reference - potential data exfiltration
| 256 | **Why**: Webhook node wraps all request data under `body` property. This includes POST data, query parameters, and JSON payloads. |
Webhook reference - potential data exfiltration
| 258 | **See**: DATA_ACCESS.md for full webhook structure details |
Webhook reference - potential data exfiltration
| 542 | ### #5: Webhook Body Nesting |
Webhook reference - potential data exfiltration
| 545 | # ❌ WRONG: Direct access to webhook data |
Webhook reference - potential data exfiltration
| 548 | # ✅ CORRECT: Webhook data under ["body"] |
Webhook reference - potential data exfiltration
| 728 | - [ ] **Webhook data** - Access via `["body"]` if from webhook |
Base64 decode operation
| 582 | encoded = base64.b64encode(data).decode() |
Base64 decode operation
| 583 | decoded = base64.b64decode(encoded) |