hkgb
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): Hardcoded credentials detected in the reference script. In references/full_example.py, the Neo4j driver is initialized with auth=("neo4j", "password"), which is a security risk if used in production.
- PROMPT_INJECTION (LOW): Surface for indirect prompt injection.
  1. Ingestion points: The skill ingests untrusted data from metadata.csv and PDF files using the SimpleKGPipeline.
  2. Boundary markers: No explicit instructions are provided to the LLM to ignore embedded instructions within the source documents.
  3. Capability inventory: The skill has the capability to modify a Neo4j database based on LLM extractions.
  4. Sanitization: While the Cypher queries use proper parameterization (parameters_=record) to prevent query injection, the LLM extraction phase remains vulnerable to malicious instructions within processed documents.
Recommendations
- AI detected serious security threats
Audit Metadata