kipn.ai
Shared workflow report

DevSecOps Triage Engine

Analyzed

Executive Summary
n8n
Production RiskHigh

AI node blocks synchronous webhook response path — Webhook senders have hard response timeouts: Slack 3 s, Shopify 5 s, GitHub 10 s, Stripe 30 s. AI calls typically take 10–60 seconds. When the sender times out, it marks the delivery failed and retries — the workflow processes the same event twice, potentially creating duplicate records, emails, or actions.

Cost ExposureHigh

Scheduled workflow fetches all records with no incremental filter — In development with small datasets, this is imperceptible. As data accumulates in production, each execution takes longer, uses more memory, costs more in API calls, and eventually hits provider rate limits — all without any change to the workflow.

Observability Gap

Side-effect node has no audit trail — If this action is disputed, replayed, or causes a data inconsistency, there is no structured record of what was sent, when, and with what data. Debugging requires cross-referencing n8n execution history with the external system's own logs.

52/ 100
Overall
Risk: HighCost: High
Reliability
0
Security
85
Cost Risk
60
Observability
76
AI Governance
100
Naming
100
Complexity
100
Nodes
29
Edges
24
External calls
15
LLM nodes
8
AI via HTTP
0
Loops
0
Error handlers
0
Unreachable
0
Max depth
5
Workflow Graph
Graph
29 nodes · 24 edges
100%
click a node to highlight its upstream & downstream paths
Controls Matrix
Present Partial Missing
CheckDescriptionStatus
Failure Alerting

Failures silent — only visible in execution log

Missing
Retry on Failure

Transient failures cause permanent stops

Present
Request Timeouts

Slow providers can block execution indefinitely

1 / 12 external nodes have timeout

Partial
Duplicate Prevention

Retry on write events creates duplicate records

Missing
Empty Response Handling

Zero-result lookups break downstream logic

Present
AI Output Limits

Output cost and parsing risk unbounded

Present
AI Output Format

Free-form output will break downstream parsers

1 of 8 AI nodes lack structured output

Partial
Activity Logging

Side effects unlogged

3 of 4 write nodes missing audit log

Partial
Write Deduplication

Webhook replays may create duplicate records

Missing

Run this analysis on your own workflows

Break Points
2AI blocks webhook responseRisk HighConfidence 85%2 nodes affected
Affected Nodes:
  • Production Incident Detector
  • Supervisor Orchestrator
What happens:

Webhook senders have hard response timeouts: Slack 3 s, Shopify 5 s, GitHub 10 s, Stripe 30 s. AI calls typically take 10–60 seconds. When the sender times out, it marks the delivery failed and retries — the workflow processes the same event twice, potentially creating duplicate records, emails, or actions.

Recommended Fix:

Respond to the webhook immediately with a 202 Accepted using a Respond to Webhook node placed before the AI work. Move the AI processing to continue asynchronously after the response.


3Missing timeoutRisk MediumConfidence 90%11 nodes affected
Affected Nodes:
  • Supervisor Orchestrator
  • Hardcore Developer
  • Risk Evaluator
What happens:

A single slow external call can block the entire workflow execution. At high trigger frequency, accumulated stuck executions can exhaust the n8n execution queue.

Recommended Fix:

Set a timeout under the node's Additional Options. A value of 10,000–30,000 ms (10–30 seconds) is a reasonable starting point for most APIs; adjust based on the provider's documented SLA.


4Missing error handlerRisk MediumConfidence 85%18 nodes affected
Affected Nodes:
  • Supervisor Orchestrator
  • Hardcore Developer
  • Risk Evaluator
What happens:

Operators cannot tell from external signals that a run failed. Silent failures go undetected until a downstream system shows missing data or a user reports a problem.

Recommended Fix:

Connect a dedicated Error Workflow in workflow settings, or add a per-node onError: "continueErrorOutput" path that sends an alert via Slack, email, or a logging service.


5Fragile expressionRisk MediumConfidence 75%1 node affected
Affected Nodes:
  • Send to Devlogs channel
What happens:

These expressions work reliably against test data where all fields are present. In production, fields may be absent, null, or differently typed — causing a runtime error or silent null propagation at the point of the expression.

Recommended Fix:
  • In `content`, change {{ $json.discord_message }} to {{ $json?.discord_message }}.

6Fragile expressionRisk MediumConfidence 75%1 node affected
Affected Nodes:
  • Send to DevGroup
What happens:

These expressions work reliably against test data where all fields are present. In production, fields may be absent, null, or differently typed — causing a runtime error or silent null propagation at the point of the expression.

Recommended Fix:
  • In `text`, change {{ $json.telegram_message }} to {{ $json?.telegram_message }}.

7Fragile expressionRisk MediumConfidence 75%1 node affected
Affected Nodes:
  • Send to Team
What happens:

These expressions work reliably against test data where all fields are present. In production, fields may be absent, null, or differently typed — causing a runtime error or silent null propagation at the point of the expression.

Recommended Fix:
  • In `text`, change {{ $json.slack_message }} to {{ $json?.slack_message }}.

8Fragile expressionRisk MediumConfidence 75%1 node affected
Affected Nodes:
  • Send to Director
What happens:

These expressions work reliably against test data where all fields are present. In production, fields may be absent, null, or differently typed — causing a runtime error or silent null propagation at the point of the expression.

Recommended Fix:
  • In `subject`, change {{ $json.gmail_subject }} to {{ $json?.gmail_subject }}.
  • In `message`, change {{ $json.gmail_html }} to {{ $json?.gmail_html }}.

9Poll without filterRisk MediumConfidence 70%2 nodes affected
Affected Nodes:
  • Regular Scanner: Everyday at 9am
  • Send to Director
What happens:

In development with small datasets, this is imperceptible. As data accumulates in production, each execution takes longer, uses more memory, costs more in API calls, and eventually hits provider rate limits — all without any change to the workflow.

Recommended Fix:

Add a time-based filter parameter using $now minus the trigger interval (e.g., updatedAfter: {{ DateTime.now().minus({ hours: 1 }).toISO() }}). Alternatively, track the last-processed timestamp in a database or workflow static data and filter to records newer than that point.


10Missing audit logRisk MediumConfidence 70%3 nodes affected
Affected Nodes:
  • Send to DevGroup
  • Send to Team
  • Send to Director
What happens:

If this action is disputed, replayed, or causes a data inconsistency, there is no structured record of what was sent, when, and with what data. Debugging requires cross-referencing n8n execution history with the external system's own logs.

Recommended Fix:

After the write node, add a step that records the key fields of the action to a log — a Google Sheet row append, a database insert to an audit table, or a Slack message to a dedicated ops channel. Include: timestamp, action type, affected ID, and result.

Cost Hotspots

Currently covers AI/LLM nodes. Non-AI API costs will be added in a future update.

1Unfiltered pollLow exposure10 pts1 node affected
Affected Nodes:
  • Regular Scanner: Everyday at 9am
What happens:

full dataset fetched on every run

Recommended Fix:

Add a time-based filter parameter using $now minus the trigger interval (e.g., updatedAfter: {{ DateTime.now().minus({ hours: 1 }).toISO() }}). Alternatively, track the last-processed timestamp in a database or workflow static data and filter to records newer than that point.


2Agent iteration riskLow exposure10 pts4 nodes affected
Affected Nodes:
  • Supervisor Orchestrator
  • Hardcore Developer
  • Risk Evaluator
What happens:

no max iterations set

Recommended Fix:

Set maxIterations to 10–20 for most agentic tasks. Monitor actual iteration counts in execution history and adjust up if legitimate tasks are being cut short.

Raw Findings (31)
#Issue titleIssue descriptionAffected nodes
1ReliabilityAI node blocks synchronous webhook response path

Node "Production Incident Detector" executes in the synchronous response path of the webhook trigger. The webhook trigger's responseMode is "responseNode", meaning the webhook sender waits for a response before marking delivery complete.

Production Incident Detector, Supervisor OrchestratorHigh85%
2ReliabilityExternal call with no timeout configured

Node "Supervisor Orchestrator" makes an external call with no timeout parameter set. The n8n execution will wait indefinitely if the provider is slow or unresponsive.

Supervisor Orchestrator, Hardcore Developer, Risk Evaluator, PR & Status Manager, llama-3.3-70b, gemini-2.5-flash-lite, gemma-4-31b, openai/gpt-oss-20b, Send to DevGroup, Send to Team, Send to DirectorHigh90%
3SecurityFinding: webhook no auth

authentication: absent. path: short custom path "__KIPNAI_SAN__WEBHOOK_URL__c6cvjFw9__" (enumerable). downstream write node(s): "Send to Devlogs channel", "Send to Director", "Send to Team", "Send to DevGroup"

Production Incident Detector, Send to Devlogs channel, Send to Director, Send to Team, Send to DevGroupHigh90%
4ReliabilityNo error handler or failure notification path

Workflow has 18 high-risk nodes (external calls or writes) with no configured error workflow and no inline notification path. If a production execution fails, the failure only appears in execution history.

Supervisor Orchestrator, Hardcore Developer, Risk Evaluator, PR & Status Manager, Aggregator Layer, Automated Prompt, Data Preparer, llama-3.3-70b, gemini-2.5-flash-lite, gemma-4-31b, openai/gpt-oss-20b, Send to Devlogs channel, Send to DevGroup, Send to Team, Send to Director, Debugging Memory, Status Memory, Evaluation MemoryHigh85%
5Cost RiskAI agent has no iteration limit

Agent node "Supervisor Orchestrator" has no maxIterations or equivalent parameter. The agent will continue calling tools until it decides to stop or hits a platform-level limit.

Supervisor OrchestratorMedium85%
6Cost RiskAI agent has no iteration limit

Agent node "Hardcore Developer" has no maxIterations or equivalent parameter. The agent will continue calling tools until it decides to stop or hits a platform-level limit.

Hardcore DeveloperMedium85%
7Cost RiskAI agent has no iteration limit

Agent node "Risk Evaluator" has no maxIterations or equivalent parameter. The agent will continue calling tools until it decides to stop or hits a platform-level limit.

Risk EvaluatorMedium85%
8Cost RiskAI agent has no iteration limit

Agent node "PR & Status Manager" has no maxIterations or equivalent parameter. The agent will continue calling tools until it decides to stop or hits a platform-level limit.

PR & Status ManagerMedium85%
9ReliabilityAI output drives downstream logic without a structured format

Node "Supervisor Orchestrator" produces free-form text output that flows into downstream logic with no Output Parser or JSON mode configured.

Supervisor OrchestratorMedium75%
10ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Supervisor Orchestrator" contains expression(s) with risky patterns that assume fields are always present.

Supervisor OrchestratorMedium75%
11ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Send to Devlogs channel" contains expression(s) with risky patterns that assume fields are always present.

Send to Devlogs channelMedium75%
12ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Send to DevGroup" contains expression(s) with risky patterns that assume fields are always present.

Send to DevGroupMedium75%
13ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Send to Team" contains expression(s) with risky patterns that assume fields are always present.

Send to TeamMedium75%
14ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Send to Director" contains expression(s) with risky patterns that assume fields are always present.

Send to DirectorMedium75%
15Cost RiskScheduled workflow fetches all records with no incremental filter

Node "Send to Director" fetches all records with no time-based or incremental filter. Every execution retrieves the full dataset.

Regular Scanner: Everyday at 9am, Send to DirectorMedium70%
16ObservabilitySide-effect node has no audit trail

Node "Send to DevGroup" performs a write node: "send to devgroup" (sideeffect: external_write) operation with no logging or audit trail detected downstream.

Send to DevGroupMedium70%
17ObservabilitySide-effect node has no audit trail

Node "Send to Team" performs a write node: "send to team" (sideeffect: external_write) operation with no logging or audit trail detected downstream.

Send to TeamMedium70%
18ObservabilitySide-effect node has no audit trail

Node "Send to Director" performs a write node: "send to director" (sideeffect: external_write) operation with no logging or audit trail detected downstream.

Send to DirectorMedium70%
19ReliabilityWebhook trigger feeds write operation without unique-key protection

The webhook trigger feeds node "Production Incident Detector" without a visible unique key constraint or deduplication step. No ID field parameter was detected in the write node configuration.

Production Incident Detector, Send to Devlogs channelMedium65%
20ReliabilityWebhook trigger feeds write operation without unique-key protection

The webhook trigger feeds node "Production Incident Detector" without a visible unique key constraint or deduplication step. No ID field parameter was detected in the write node configuration.

Production Incident Detector, Send to DirectorMedium65%
21ReliabilityWebhook trigger feeds write operation without unique-key protection

The webhook trigger feeds node "Production Incident Detector" without a visible unique key constraint or deduplication step. No ID field parameter was detected in the write node configuration.

Production Incident Detector, Send to TeamMedium65%
22ReliabilityWebhook trigger feeds write operation without unique-key protection

The webhook trigger feeds node "Production Incident Detector" without a visible unique key constraint or deduplication step. No ID field parameter was detected in the write node configuration.

Production Incident Detector, Send to DevGroupMedium65%
23ReliabilityFragile expression — likely to fail when production data shape differs from test data

Node "Create an issue" contains expression(s) with risky patterns that assume fields are always present.

Create an issueLow75%
24ReliabilityFinding: external without retry

Node "Supervisor Orchestrator" (@n8n/n8n-nodes-langchain.agent) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_agent. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

Supervisor OrchestratorInfo70%
25ReliabilityFinding: external without retry

Node "Hardcore Developer" (@n8n/n8n-nodes-langchain.agentTool) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_agent. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

Hardcore DeveloperInfo70%
26ReliabilityFinding: external without retry

Node "Risk Evaluator" (@n8n/n8n-nodes-langchain.agentTool) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_agent. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

Risk EvaluatorInfo70%
27ReliabilityFinding: external without retry

Node "PR & Status Manager" (@n8n/n8n-nodes-langchain.agentTool) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_agent. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

PR & Status ManagerInfo70%
28ReliabilityFinding: external without retry

Node "llama-3.3-70b" (@n8n/n8n-nodes-langchain.lmChatGroq) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_model_call. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

llama-3.3-70bInfo70%
29ReliabilityFinding: external without retry

Node "gemini-2.5-flash-lite" (@n8n/n8n-nodes-langchain.lmChatOpenRouter) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_model_call. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

gemini-2.5-flash-liteInfo70%
30ReliabilityFinding: external without retry

Node "gemma-4-31b" (@n8n/n8n-nodes-langchain.lmChatOpenRouter) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_model_call. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

gemma-4-31bInfo70%
31ReliabilityFinding: external without retry

Node "openai/gpt-oss-20b" (@n8n/n8n-nodes-langchain.lmChatOpenRouter) is a read-only external call with no retry configured.. sideEffect: read_only, role: ai_model_call. Read-only calls are typically safe to retry; enabling retryOnFail improves resilience to transient failures.

openai/gpt-oss-20bInfo70%

Catch workflow risks before they catch you