neo4j-document-import-skill
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and code templates for building knowledge graphs. The code uses well-known libraries such as LangChain and the official Neo4j GraphRAG package.
- [INDIRECT_PROMPT_INJECTION]: The skill describes a pipeline that processes unstructured documents (PDF, HTML, text) to extract entities using an LLM, which represents a potential surface for indirect prompt injection attacks where malicious content in the documents could influence the extraction process.
- Ingestion points: Document content is ingested through the
document_textvariable within the Python code snippets inSKILL.md. - Boundary markers: The examples do not demonstrate the use of boundary markers or specific instructions to ignore embedded commands within the ingested text.
- Capability inventory: The skill utilizes database write capabilities via
driver.execute_queryand network data loading viaapoc.load.json. - Sanitization: No input sanitization or validation steps are included in the provided code templates.
Audit Metadata