pinecone
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection attacks because it combines data retrieval from an external source with high-privilege administrative capabilities.
  - Ingestion points: The `index.query()` function in `SKILL.md` and `references/deployment.md` retrieves metadata and values from the Pinecone database.
  - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between internal system instructions and retrieved data.
  - Capability inventory: The skill includes destructive operations such as `pc.delete_index()` and `index.delete()` in `SKILL.md`.
  - Sanitization: Absent. The documentation does not implement or suggest any filtering or sanitization of retrieved metadata before it is used in the agent's context.
- [External Downloads] (MEDIUM): The skill requires the installation of external software from an untrusted source.
  - Evidence: `pip install pinecone-client` and `dependencies: [pinecone-client]` in `SKILL.md`.
  - Risk: The package `pinecone-client` is not hosted by a specifically whitelisted trusted organization, creating a potential risk for supply chain attacks or dependency confusion if versions are not pinned and verified.
Recommendations
- AI detected serious security threats
Audit Metadata