neo4j-getting-started-skill

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official neo4j-mcp binary from Neo4j's GitHub repository and pulls the neo4j:enterprise Docker image during local environment setup.
  • [REMOTE_CODE_EXECUTION]: Downloads and executes the neo4j-mcp binary and applies remote Cypher scripts from the neo4j-graph-examples repository to populate the database. These operations target official vendor sources as part of the primary skill functionality.
  • [COMMAND_EXECUTION]: Executes shell commands to manage Docker containers, initialize Python virtual environments, and install project-specific dependencies via pip. It also generates and executes Python scripts for cloud provisioning and data generation.
  • [PROMPT_INJECTION]: Includes an "autonomous mode" that bypasses human-in-the-loop review checkpoints when specific configuration variables are provided in the initial prompt. The skill also presents a surface for indirect prompt injection during document ingestion in the loading stage.
      • Ingestion points: Local document files processed in Stage 4 (data/ directory).
      • Boundary markers: Absent.
      • Capability inventory: Shell access (Bash), file system writes, and execution of generated Python scripts.
      • Sanitization: Absent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 1, 2026, 04:04 AM