neo4j-security-skill
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by 'neo4j-contrib', and all references, installation commands, and documentation point to official or vendor-controlled repositories.
- [SAFE]: Implements a 'MANDATORY' MCP Write Gate that requires the agent to display planned Cypher commands and wait for explicit human confirmation before executing any user, role, or privilege modifications.
- [SAFE]: Promotes secure practices by recommending parameterized inputs for sensitive values like passwords rather than hardcoded strings.
- [SAFE]: No obfuscation, prompt injection, or unauthorized data exfiltration patterns were detected. The use of 'Bash' and 'WebFetch' tools is declared in the manifest and consistent with legitimate management workflows.
Audit Metadata