pinecone
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Utilizes the
curlutility to perform administrative and data operations against the Pinecone API, such as index creation and vector upserting. - [EXTERNAL_DOWNLOADS]: Establoys network connections to the official Pinecone API domain (
api.pinecone.io) and dynamically retrieved index host subdomains. - [DATA_EXFILTRATION]: Secret management is handled securely via the
$PINECONE_TOKENenvironment variable, avoiding the use of hardcoded credentials or unauthorized data transmission paths. - [SAFE]: The skill references troubleshooting tools (
zero doctor) and connector platforms (app.vm0.ai) that are associated with the skill's author (vm0-ai) and are consistent with its intended functionality. - [SAFE]: The skill facilitates the retrieval of vector metadata, which is a standard surface for indirect prompt injection. Ingestion points: Response data from
queryandfetchendpoints inSKILL.md. Boundary markers: None defined. Capability inventory: Shell execution viacurland file system writes to/tmp/. Sanitization: No explicit validation or filtering of external data is specified in the prompt instructions.
Audit Metadata