neo4j-driver-javascript-skill
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and code examples for the official
neo4j-driver. All external references and package installations target the legitimate vendor resources (neo4j-driver) or the author's official repository (neo4j-contrib). - [DATA_EXPOSURE]: The skill correctly demonstrates using environment variables (
process.env.NEO4J_PASSWORD) for database credentials rather than hardcoding them. Example code uses obvious placeholders like 'password' and 'xxx.databases.neo4j.io'. - [PROMPT_INJECTION]: The skill includes explicit security guidance for developers to avoid Cypher injection by using parameterization ($param) instead of string concatenation/template literals.
- [COMMAND_EXECUTION]: Code examples for driver installation and lifecycle are standard for Node.js development and do not include any suspicious or high-risk command execution patterns.
Audit Metadata