neo4j-migration-skill
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches migration guides and changelogs from official Neo4j sources including neo4j.com and the neo4j organization on GitHub (e.g., github.com/neo4j/neo4j-go-driver). These are trusted vendor resources.
- [PROMPT_INJECTION]: The skill is designed to process external content fetched via the WebFetch tool, which presents a surface for indirect prompt injection.
- Ingestion points: Documentation links in SKILL.md and the specific language reference files (e.g., references/dotnet-driver.md, references/python-driver.md) that point to external changelogs.
- Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands in the fetched documentation.
- Capability inventory: The skill uses the WebFetch tool and provides guidance for code modifications. It does not contain scripts with shell or file system access.
- Sanitization: Content is retrieved from official vendor repositories and used to inform the upgrade plan without additional sanitization.
Audit Metadata