neo4j-graphrag-skill

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documents the use of the official neo4j-graphrag Python package for building retrieval pipelines. All package installations (neo4j-graphrag, spacy, langchain-neo4j) are for legitimate libraries relevant to the skill's purpose.
  • [SAFE]: Code examples for database connection use appropriate placeholders such as and rather than hardcoded credentials, following security best practices.
  • [SAFE]: The skill uses standard configuration patterns for LLM integration (OpenAI, VertexAI, Anthropic) and clearly states that credentials should be stored in environment variables rather than being hardcoded.
  • [SAFE]: No hidden commands, multi-layer obfuscation, or malicious dynamic execution patterns (like curl | bash or eval with untrusted input) were found in any of the analyzed files.
  • [SAFE]: The skill's defined capabilities match its stated purpose of teaching and implementing Neo4j-based GraphRAG, with no evidence of privilege escalation or persistence mechanisms.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:50 PM
Security Audit — agent-trust-hub — neo4j-graphrag-skill