neo4j-document-import-skill
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The code examples in
SKILL.mduse default Neo4j credentialsauth=("neo4j", "password"). While these are documentation placeholders and standard defaults, users should replace them with secure credentials from environment variables as suggested in the verification checklist. - [EXTERNAL_DOWNLOADS]: The skill facilitates downloading content from external sources for ingestion. Examples include:
apoc.load.jsoninSKILL.mdfetching fromhttps://example.com/articles.json.- A custom
WebPageLoaderimplementation inSKILL.mdandreferences/kg-construction.mdusinghttpxto fetch content from user-provided file paths or URLs. - [COMMAND_EXECUTION]: The
README.mdandSKILL.mdfiles contain standard installation commands for Python packages (pip install neo4j-graphrag) and container orchestration (docker-compose up). These are standard administrative tasks for the skill's setup. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to process untrusted document content (PDF, JSON, Web) to extract graph entities via an LLM.
- Ingestion points:
SimpleKGPipeline.run_asyncprocesses external files and text strings;apoc.load.jsonprocesses remote JSON data. - Boundary markers: No explicit instruction delimiters (like XML tags or 'ignore' prefixes) are present in the extraction prompts shown in the examples.
- Capability inventory: The skill writes to a Neo4j database via the
neo4jdriver and performs LLM extraction via theneo4j-graphraglibrary. - Sanitization: No explicit sanitization or validation of the input document content is described before it is passed to the LLM for entity extraction.
Audit Metadata