neo4j-getting-started-skill
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the neo4j-mcp binary from the official Neo4j organization's GitHub releases during the prerequisites stage.
- [REMOTE_CODE_EXECUTION]: The downloaded neo4j-mcp binary is granted execution permissions and run by the agent to provide database introspection and query tools.
- [EXTERNAL_DOWNLOADS]: Fetches Cypher import scripts for demo datasets from Neo4j's public GitHub repositories (e.g., movies, Northwind).
- [COMMAND_EXECUTION]: The skill generates and executes several Python scripts and shell commands to provision Neo4j Aura instances, manage Docker containers, and build application artifacts like Streamlit dashboards and FastAPI backends.
- [CREDENTIALS_UNSAFE]: Requests sensitive Neo4j Aura API credentials and database passwords from the user. It follows security best practices by instructing the agent to store these in .env and aura.env files and ensuring they are added to the project's .gitignore file.
- [PROMPT_INJECTION]: The skill implements a GraphRAG path that ingests untrusted text, Markdown, and PDF documents from a user-controlled directory to build a knowledge graph.
  - Ingestion points: Reads all files within the data/ directory for processing by the neo4j-graphrag library.
  - Boundary markers: Does not implement explicit boundary markers or instructions to ignore embedded prompts in processed documents.
  - Capability inventory: The skill has the capability to execute arbitrary Cypher queries and shell commands through the generated scripts and binary tools.
  - Sanitization: Relies on standard LLM-based entity extraction and embedding without additional content filtering.
Audit Metadata