pinecone
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill references the official `pinecone-client` package and integration libraries such as `langchain-pinecone` and `llama-index-vector-stores-pinecone`.
- [PROMPT_INJECTION] (LOW): Vulnerability surface for Indirect Prompt Injection (Category 8).
  1. Ingestion points: `upsert()` (metadata and values) and `query()` (vector and filter) parameters.
  2. Boundary markers: Absent in code snippets.
  3. Capability inventory: CRUD operations on vector data (upsert, query, delete).
  4. Sanitization: No explicit sanitization or validation shown for external data before storage or retrieval.
Audit Metadata