neo4j-kafka-skill

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE

Full Analysis
  • [SAFE]: The skill provides documentation on configuring and operating Neo4j Kafka connectors, covering both source and sink strategies.
  • [EXTERNAL_DOWNLOADS]: The documentation includes instructions to download the connector JAR from the official Neo4j GitHub repository and Confluent Hub. These are recognized as trusted sources for this technology and do not pose a security risk.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by explicitly advising against hardcoding credentials. It demonstrates the use of Kafka Connect secrets providers (e.g., using the ${file:...} syntax) for sensitive information like passwords. Example values provided in the text are clearly placeholders for configuration purposes.
  • [COMMAND_EXECUTION]: The provided Python and Java code examples for interacting with the native CDC API use standard official Neo4j drivers and polling patterns. There is no evidence of malicious command execution or unsafe shell interpolation.
  • [PROMPT_INJECTION]: While the skill involves processing data from external Kafka topics (Indirect Prompt Injection surface), it utilizes bound variables (e.g., __value) in Cypher queries to safely handle incoming payloads. This is the standard and recommended practice to prevent injection when processing untrusted external data.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 04:03 AM