Back to skill

Security audit

Pinecone Search

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Pinecone knowledge-base tool that sends user-selected documents and searches to configured external services, with no evidence of hidden or destructive behavior.

Install only if you intend to send selected TXT or Markdown content to your embedding provider and store it in Pinecone. Use scoped API keys, prefer --dry-run before uploads, avoid recursive uploads of private folders, and manage retention or deletion directly in Pinecone.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger keywords are broad and partly ambiguous, including generic terms like '规范', '标准', '查询资料', and '知识库'. In an agent environment, this can cause unintended invocation on unrelated user requests, which may expose local files for upload or query remote knowledge bases when the user did not explicitly intend to use this skill.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill describes document upload and embedding but does not clearly warn that document contents and metadata are sent to external services for embedding and stored in Pinecone. This is dangerous because users may upload sensitive proprietary or personal documents without understanding that file paths, chunks, and content-derived vectors leave the local environment and persist remotely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The upload flow sends raw document text and associated metadata such as source path, filename, title, and timestamps to external services for embedding and storage. This creates a real data-exposure risk because users may unknowingly transmit sensitive local content or environment-specific metadata off-host, and the code contains no consent prompt, redaction step, or policy gate before doing so.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pinecone>=5.0.0
python-dotenv>=1.0.0
tiktoken>=0.5.0
Confidence
97% confidence
Finding
openai>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pinecone>=5.0.0
python-dotenv>=1.0.0
tiktoken>=0.5.0
pydantic>=2.0.0
Confidence
97% confidence
Finding
pinecone>=5.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pinecone>=5.0.0
python-dotenv>=1.0.0
tiktoken>=0.5.0
pydantic>=2.0.0
pydantic-settings>=2.0.0
Confidence
98% confidence
Finding
python-dotenv>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.0.0
pinecone>=5.0.0
python-dotenv>=1.0.0
tiktoken>=0.5.0
pydantic>=2.0.0
pydantic-settings>=2.0.0
chardet>=5.0.0
Confidence
96% confidence
Finding
tiktoken>=0.5.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pinecone>=5.0.0
python-dotenv>=1.0.0
tiktoken>=0.5.0
pydantic>=2.0.0
pydantic-settings>=2.0.0
chardet>=5.0.0
Confidence
98% confidence
Finding
pydantic>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
python-dotenv>=1.0.0
tiktoken>=0.5.0
pydantic>=2.0.0
pydantic-settings>=2.0.0
chardet>=5.0.0
Confidence
96% confidence
Finding
pydantic-settings>=2.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
tiktoken>=0.5.0
pydantic>=2.0.0
pydantic-settings>=2.0.0
chardet>=5.0.0
Confidence
95% confidence
Finding
chardet>=5.0.0

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
79% confidence
Finding
python-dotenv

Known Vulnerable Dependency: pydantic — 3 advisory(ies): CVE-2021-29510 (Use of "infinity" as an input to datetime and date fields causes infinite loop i); CVE-2024-3772 (Pydantic regular expression denial of service); CVE-2021-29510 (Pydantic is a data validation and settings management using Python type hinting.)

High
Category
Supply Chain
Confidence
88% confidence
Finding
pydantic

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.