pica-actions
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
picaCLI tool to perform all operations, including listing connections, searching for API actions, and executing them on external platforms. - Evidence: Commands such as
pica connection list,pica actions search, andpica actions executeare used throughoutSKILL.mdto interact with the Pica infrastructure. - [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection as it instructs the agent to ingest documentation ('knowledge') from the CLI and use it to construct subsequent API execution commands. However, this is the intended functional workflow and the instructions include advice on using single quotes for JSON values to prevent shell-related issues.
- Ingestion points: Output from
pica actions searchandpica actions knowledge(SKILL.md). - Boundary markers: Absent.
- Capability inventory:
pica actions executeallows the agent to perform network requests via the Pica proxy. - Sanitization: The instructions recommend using single quotes to avoid shell escaping issues when passing JSON data.
Audit Metadata