{
    "sources": {
        "n8n-nodes-base.webhook": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "body",
                "headers",
                "query",
                "params"
            ],
            "description": "HTTP webhook receives external input"
        },
        "n8n-nodes-base.formTrigger": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "*"
            ],
            "description": "Form trigger receives user-submitted data"
        },
        "n8n-nodes-base.manualTrigger": {
            "trustLevel": "trusted",
            "taintedFields": [],
            "description": "Manual trigger (user-initiated)"
        },
        "n8n-nodes-base.scheduleTrigger": {
            "trustLevel": "trusted",
            "taintedFields": [],
            "description": "Schedule trigger (time-based)"
        },
        "n8n-nodes-base.emailReadImap": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "subject",
                "text",
                "html",
                "from",
                "to",
                "attachments"
            ],
            "description": "Email content from external senders"
        },
        "n8n-nodes-base.emailTrigger": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "subject",
                "text",
                "html",
                "from",
                "to",
                "attachments"
            ],
            "description": "Email trigger receives external email"
        },
        "n8n-nodes-base.gmail": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "subject",
                "body",
                "from",
                "to",
                "attachments"
            ],
            "description": "Gmail messages from external senders"
        },
        "n8n-nodes-base.slack": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "text",
                "user",
                "channel",
                "message"
            ],
            "description": "Slack messages from users"
        },
        "n8n-nodes-base.slackTrigger": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "text",
                "user",
                "channel",
                "message"
            ],
            "description": "Slack trigger receives user messages"
        },
        "n8n-nodes-base.telegram": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "message.text",
                "message.from",
                "message.chat"
            ],
            "description": "Telegram messages from users"
        },
        "n8n-nodes-base.telegramTrigger": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "message.text",
                "message.from",
                "message.chat"
            ],
            "description": "Telegram trigger receives user messages"
        },
        "n8n-nodes-base.discord": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "content",
                "author",
                "channel"
            ],
            "description": "Discord messages from users"
        },
        "n8n-nodes-base.discordTrigger": {
            "trustLevel": "untrusted",
            "taintedFields": [
                "content",
                "author",
                "channel"
            ],
            "description": "Discord trigger receives user messages"
        },
        "n8n-nodes-base.rssFeedRead": {
            "trustLevel": "semi-trusted",
            "taintedFields": [
                "title",
                "content",
                "link",
                "description"
            ],
            "description": "RSS feed content from external sources"
        },
        "n8n-nodes-base.httpRequest": {
            "trustLevel": "semi-trusted",
            "taintedFields": [
                "body",
                "headers"
            ],
            "description": "HTTP response from external API"
        },
        "n8n-nodes-base.hubspotTrigger": {
            "trustLevel": "semi-trusted",
            "taintedFields": [
                "*"
            ],
            "description": "HubSpot webhook data"
        },
        "n8n-nodes-base.stripeTrigger": {
            "trustLevel": "semi-trusted",
            "taintedFields": [
                "*"
            ],
            "description": "Stripe webhook data"
        },
        "n8n-nodes-base.githubTrigger": {
            "trustLevel": "semi-trusted",
            "taintedFields": [
                "*"
            ],
            "description": "GitHub webhook data"
        }
    },
    "sinks": {
        "n8n-nodes-base.code": {
            "severity": "critical",
            "riskType": "RCE",
            "dangerousParams": [
                "jsCode",
                "pythonCode"
            ],
            "description": "Executes arbitrary code"
        },
        "n8n-nodes-base.executeCommand": {
            "severity": "critical",
            "riskType": "Command Injection",
            "dangerousParams": [
                "command"
            ],
            "description": "Executes system commands"
        },
        "n8n-nodes-base.ssh": {
            "severity": "critical",
            "riskType": "Command Injection",
            "dangerousParams": [
                "command"
            ],
            "description": "Executes commands via SSH"
        },
        "n8n-nodes-base.function": {
            "severity": "critical",
            "riskType": "RCE",
            "dangerousParams": [
                "functionCode"
            ],
            "description": "Executes JavaScript function"
        },
        "n8n-nodes-base.functionItem": {
            "severity": "critical",
            "riskType": "RCE",
            "dangerousParams": [
                "functionCode"
            ],
            "description": "Executes JavaScript per item"
        },
        "n8n-nodes-base.mySql": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes MySQL queries"
        },
        "n8n-nodes-base.postgres": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes PostgreSQL queries"
        },
        "n8n-nodes-base.microsoftSql": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes Microsoft SQL queries"
        },
        "n8n-nodes-base.mongoDb": {
            "severity": "high",
            "riskType": "NoSQL Injection",
            "dangerousParams": [
                "query",
                "options.query"
            ],
            "description": "Executes MongoDB queries"
        },
        "n8n-nodes-base.mariadb": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes MariaDB queries"
        },
        "n8n-nodes-base.oracledb": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes Oracle database queries"
        },
        "n8n-nodes-base.snowflake": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes Snowflake queries"
        },
        "n8n-nodes-base.questDb": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes QuestDB queries"
        },
        "n8n-nodes-base.timescaleDb": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes TimescaleDB queries"
        },
        "n8n-nodes-base.cockroachDb": {
            "severity": "high",
            "riskType": "SQL Injection",
            "dangerousParams": [
                "query"
            ],
            "description": "Executes CockroachDB queries"
        },
        "n8n-nodes-base.httpRequest": {
            "severity": "high",
            "riskType": "SSRF",
            "dangerousParams": [
                "url"
            ],
            "description": "Makes HTTP requests to specified URL"
        },
        "n8n-nodes-base.readWriteFile": {
            "severity": "medium",
            "riskType": "Path Traversal",
            "dangerousParams": [
                "filePath",
                "fileName"
            ],
            "description": "Reads/writes files on the server"
        },
        "n8n-nodes-base.ftp": {
            "severity": "medium",
            "riskType": "Path Traversal",
            "dangerousParams": [
                "path"
            ],
            "description": "FTP file operations"
        },
        "@n8n/n8n-nodes-langchain.openAi": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "text",
                "messages",
                "prompt"
            ],
            "description": "OpenAI API calls"
        },
        "@n8n/n8n-nodes-langchain.lmChatOpenAi": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "messages",
                "prompt"
            ],
            "description": "OpenAI Chat API calls"
        },
        "@n8n/n8n-nodes-langchain.lmChatAnthropic": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "messages",
                "prompt",
                "text"
            ],
            "description": "Anthropic Claude API calls"
        },
        "@n8n/n8n-nodes-langchain.agent": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "text",
                "input"
            ],
            "description": "LangChain agent with tools"
        },
        "@n8n/n8n-nodes-langchain.ollama": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "prompt",
                "text"
            ],
            "description": "Ollama local LLM API calls"
        },
        "@n8n/n8n-nodes-langchain.azureOpenAi": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "prompt",
                "text",
                "messages"
            ],
            "description": "Azure OpenAI API calls"
        },
        "@n8n/n8n-nodes-langchain.googlePalm": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "prompt",
                "text"
            ],
            "description": "Google PaLM API calls"
        },
        "@n8n/n8n-nodes-langchain.mistralCloud": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "prompt",
                "text",
                "messages"
            ],
            "description": "Mistral Cloud API calls"
        },
        "@n8n/n8n-nodes-langchain.groq": {
            "severity": "medium",
            "riskType": "Prompt Injection",
            "dangerousParams": [
                "prompt",
                "text",
                "messages"
            ],
            "description": "Groq API calls"
        },
        "n8n-nodes-base.html": {
            "severity": "medium",
            "riskType": "XSS",
            "dangerousParams": [
                "html"
            ],
            "description": "Renders HTML content"
        },
        "n8n-nodes-base.respondToWebhook": {
            "severity": "medium",
            "riskType": "XSS",
            "dangerousParams": [
                "respondWith",
                "responseBody"
            ],
            "description": "Responds to webhook with content"
        }
    },
    "sanitizers": {
        "n8n-nodes-base.if": {
            "sanitizerType": "conditional",
            "validatesAgainst": [
                "*"
            ],
            "description": "Conditional branching can filter invalid input"
        },
        "n8n-nodes-base.switch": {
            "sanitizerType": "conditional",
            "validatesAgainst": [
                "*"
            ],
            "description": "Switch routing can filter unexpected values"
        },
        "n8n-nodes-base.filter": {
            "sanitizerType": "validation",
            "validatesAgainst": [
                "*"
            ],
            "description": "Filters items based on conditions"
        },
        "n8n-nodes-base.itemLists": {
            "sanitizerType": "transformation",
            "validatesAgainst": [
                "*"
            ],
            "description": "List operations may transform data"
        }
    }
}
