neo4j-driver-js
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The expandNetwork function in SKILL.md performs string interpolation of the hops variable directly into a Cypher query: MATCH path = (p:Person {id: $personId})-[*1..${hops}]-(connected)... This creates a Cypher injection vulnerability where an attacker could provide a malicious string to alter the query structure, bypass filters, or modify database content.
- [CREDENTIALS_UNSAFE]: The NEO4J_CONFIG constant includes a hardcoded default password value of "password". Hardcoding credentials, even as defaults, is a security risk that can lead to unauthorized access if the values are not updated for production use.
- [EXTERNAL_DOWNLOADS]: Fetches the neo4j-driver package from the official NPM registry to enable graph database interactions.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its processing of database content.
- Ingestion points: Data enters the agent context through session.run and tx.run results in SKILL.md.
- Boundary markers: No delimiters or safety instructions are used to separate database content from agent instructions.
- Capability inventory: The skill executes Cypher queries and maps graph results to UI structures.
- Sanitization: Input validation is missing for the hops variable in the expandNetwork function, although parameters are used for other inputs.
Recommendations
- AI detected serious security threats
Audit Metadata