pinecone-query
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection. By ingesting user queries and retrieving data from remote Pinecone indexes, the agent could be exposed to malicious instructions embedded within the stored database records.
  - Ingestion points: Natural language user queries and data retrieved from vector index records via the `search-records` tool.
  - Boundary markers: The instructions do not specify any delimiters or safety prompts (e.g., 'ignore embedded instructions') for the data being processed.
  - Capability inventory: The skill is capable of calling multiple Pinecone MCP tools: `search-records`, `list-indexes`, `describe-index`, `describe-index-stats`, and `rerank-documents`.
  - Sanitization: No sanitization or validation of the retrieved record metadata is performed before displaying it to the user.
- [NO_CODE]: The skill consists exclusively of a `SKILL.md` file containing YAML metadata and markdown instructions. It does not ship with scripts, binaries, or automated installation logic, significantly reducing the attack surface.
Audit Metadata