neo4j-gds-skill
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to install the Graph Data Science Python client using
pip install graphdatascienceand its performance extensionpip install graphdatascience[rust_ext]. These are standard dependencies for the library's functionality. - [CREDENTIALS_UNSAFE]: In
SKILL.md, connection examples include hardcoded authentication parameters such asauth=("neo4j", "password"). While "password" serves as a placeholder in this context, hardcoding credentials in scripts is a potential security risk for users who do not transition to environment variables. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external Neo4j databases via Cypher queries (
read-cypher) to create in-memory graph projections. This data then flows into graph algorithms and subsequent agent reasoning without explicit boundary markers or sanitization of the database content. The agent's capabilities include performing database writes (write-cypher) and executing shell commands (Bash), completing a potential attack surface where malicious database content could influence agent actions.
Audit Metadata