neo4j-graphrag-skill
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents the use of the official neo4j-graphrag Python package for building retrieval pipelines. All package installations (neo4j-graphrag, spacy, langchain-neo4j) are for legitimate libraries relevant to the skill's purpose.
- [SAFE]: Code examples for database connection use appropriate placeholders such as and rather than hardcoded credentials, following security best practices.
- [SAFE]: The skill uses standard configuration patterns for LLM integration (OpenAI, VertexAI, Anthropic) and clearly states that credentials should be stored in environment variables rather than being hardcoded.
- [SAFE]: No hidden commands, multi-layer obfuscation, or malicious dynamic execution patterns (like curl | bash or eval with untrusted input) were found in any of the analyzed files.
- [SAFE]: The skill's defined capabilities match its stated purpose of teaching and implementing Neo4j-based GraphRAG, with no evidence of privilege escalation or persistence mechanisms.
Audit Metadata