neo4j-cli-tools-skill
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to execute `neo4j-admin`, `cypher-shell`, and `aura-cli` commands. This is the primary intended function of the skill and is required for database administration tasks.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to download binaries and install Python packages (`aura-cli`, `neo4j-mcp-server`) from official vendor-owned repositories on GitHub and standard package registries. These are recognized as legitimate resources associated with the technology.
- [CREDENTIALS_UNSAFE]: Several reference examples demonstrate passing API credentials, such as client IDs and secrets, as command-line arguments (e.g., `--client-secret`). While this is a standard feature of the tools described, it is a practice that can expose sensitive information in local shell history files. The skill also appropriately mentions using environment variables as a more secure alternative.
- [COMMAND_EXECUTION]: Installation steps for various platforms involve the use of `sudo` to move binaries to system-protected directories (e.g., `/usr/local/bin/`) and modification of file permissions (`chmod +x`). These are standard operations for installing system-level utilities.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests user-provided instructions to execute shell commands and Cypher queries, which could potentially be manipulated if they contain malicious instructions.
  - Ingestion points: `SKILL.md` (guidance for interpreting user requests into CLI operations and query execution).
  - Boundary markers: Absent (no explicit use of delimiters or "ignore embedded instructions" warnings for external data interpolation).
  - Capability inventory: `Bash` (shell execution), `WebFetch` (network requests), and various file system operations including database backups and log inspection.
  - Sanitization: Not explicitly described for user input that might be interpolated into shell or Cypher commands.
Audit Metadata