neo4j-gds-skill

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to install the Graph Data Science Python client using pip install graphdatascience and its performance extension pip install graphdatascience[rust_ext]. These are standard dependencies for the library's functionality.
  • [CREDENTIALS_UNSAFE]: In SKILL.md, connection examples include hardcoded authentication parameters such as auth=("neo4j", "password"). While "password" serves as a placeholder in this context, hardcoding credentials in scripts is a potential security risk for users who do not transition to environment variables.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external Neo4j databases via Cypher queries (read-cypher) to create in-memory graph projections. This data then flows into graph algorithms and subsequent agent reasoning without explicit boundary markers or sanitization of the database content. The agent's capabilities include performing database writes (write-cypher) and executing shell commands (Bash), completing a potential attack surface where malicious database content could influence agent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:50 PM
Security Audit — agent-trust-hub — neo4j-gds-skill