pinecone
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install and use official client libraries (@pinecone-database/pinecone and openai) from standard registries. These are associated with well-known technology services.
- [PROMPT_INJECTION]: The skill provides implementation templates for a Retrieval-Augmented Generation (RAG) pattern, which creates an indirect prompt injection surface.
- Ingestion points: Data is ingested via the Pinecone metadata field (match.metadata?.text) in the ragQuery function within SKILL.md.
- Boundary markers: The provided prompt template uses a basic header structure (Answer based on this context:\n\n) to separate context from the user question.
- Capability inventory: The skill facilitates API calls to vector database and language model providers to process data and generate outputs.
- Sanitization: The examples do not demonstrate specific sanitization or validation of the retrieved content before interpolation into the prompt.
Audit Metadata