pinecone-n8n
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill recommends the use of official Pinecone and n8n community nodes (@pinecone-database/n8n-nodes-pinecone-assistant and @n8n/n8n-nodes-langchain) and directs users to the official Pinecone console for setup.
- [PROMPT_INJECTION]: The skill describes a Retrieval-Augmented Generation (RAG) architecture that ingests untrusted data from external URLs, which is an inherent surface for indirect prompt injection.
- Ingestion points: External URLs processed by the
httpRequestnode and uploaded to Pinecone in the Phase 1 Ingestion workflow. - Boundary markers: The provided system prompt templates for the AI Agent do not include specific delimiters or 'ignore' instructions for the retrieved context.
- Capability inventory: The workflow grants the AI Agent access to the Pinecone retrieval tool to fetch context from ingested documents.
- Sanitization: The skill does not include instructions for sanitizing or filtering the content of ingested files before they are stored in the vector database.
Audit Metadata