neo4j-genai-plugin-skill

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it demonstrates patterns where untrusted data from the database is interpolated directly into LLM prompts without robust boundary markers or sanitization.
      • Ingestion points: SKILL.md (e.g., ai.text.completion('Summarize: ' + $text, ...)) and references/providers.md.
      • Boundary markers: Missing or minimal (simple string concatenation is used in examples).
      • Capability inventory: The skill enables the agent to execute Cypher queries that call external LLM APIs via the plugin.
      • Sanitization: No sanitization, escaping, or validation of the input text is demonstrated in the provided code snippets.
  • [SAFE]: The skill correctly advises using database parameters (e.g., $openaiKey) for sensitive credentials such as API tokens and access keys, specifically warning against hardcoding literals in Cypher code.
  • [SAFE]: All external references and installation instructions point to official repositories of a well-known database vendor (Neo4j), which are considered trusted sources for configuration and documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 04:03 AM