skills/pinecone-io/skills/help/Gen Agent Trust Hub

help

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • Remote Code Execution (CRITICAL): The command curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md is a critical finding. It downloads a shell script from a remote host (astral.sh) and executes it immediately via a shell pipe. This source is not on the Trusted External Sources list, and the execution method prevents any inspection or integrity verification before the code runs.
  • External Downloads (LOW): The skill directs users to external installation sources for the Pinecone CLI (via Homebrew) and the Pinecone MCP server. While these are legitimate tools, they introduce external dependencies from third-party repositories.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 20, 2026, 10:11 PM