neo4j-document-import-skill

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The code examples in SKILL.md use default Neo4j credentials auth=("neo4j", "password"). While these are documentation placeholders and standard defaults, users should replace them with secure credentials from environment variables as suggested in the verification checklist.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading content from external sources for ingestion. Examples include:
  • apoc.load.json in SKILL.md fetching from https://example.com/articles.json.
  • A custom WebPageLoader implementation in SKILL.md and references/kg-construction.md using httpx to fetch content from user-provided file paths or URLs.
  • [COMMAND_EXECUTION]: The README.md and SKILL.md files contain standard installation commands for Python packages (pip install neo4j-graphrag) and container orchestration (docker-compose up). These are standard administrative tasks for the skill's setup.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to process untrusted document content (PDF, JSON, Web) to extract graph entities via an LLM.
  • Ingestion points: SimpleKGPipeline.run_async processes external files and text strings; apoc.load.json processes remote JSON data.
  • Boundary markers: No explicit instruction delimiters (like XML tags or 'ignore' prefixes) are present in the extraction prompts shown in the examples.
  • Capability inventory: The skill writes to a Neo4j database via the neo4j driver and performs LLM extraction via the neo4j-graphrag library.
  • Sanitization: No explicit sanitization or validation of the input document content is described before it is passed to the LLM for entity extraction.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:42 AM
Security Audit — agent-trust-hub — neo4j-document-import-skill