pica-actions

SUSPICIOUS: the skill's stated purpose matches its capabilities, but its security footprint is broad and high-trust. The main concern is data-flow integrity: actions for many services are funneled through Pica's intermediary proxy instead of official platform APIs, and the exact standalone `pica` CLI workflow was not clearly verified in the official docs located. This is not confirmed malware, but it is a medium-high risk integration skill due to broad delegated access, credential forwarding through a third party, and support for autonomous real-world actions.