Gen Agent Trust Hub audit: skills/picahq/skills/connect

Skill: connect

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill installs @picahq/cli globally via npm. The package's source is not on the predefined list of trusted organizations, so the dependency cannot be verified before it runs on the host.
  • Persistence Mechanisms & Sensitive File Access (HIGH): The pica init command writes to sensitive AI-agent configuration files: ~/.claude.json, ~/.cursor/mcp.json, and ~/Library/Application Support/Claude/claude_desktop_config.json. Registering the Pica MCP server in these files is a persistence mechanism: the server is loaded automatically in every future session of those clients, and performing the registration requires read/write access to whatever configuration (including other servers and their credentials) those files already hold.
  • Indirect Prompt Injection (HIGH): The skill can ingest data from 200+ external platforms and execute actions on them, so attacker-controlled content on any of those platforms can reach the agent's context alongside write-capable tools.
      • Ingestion points: External data enters the agent context through platform-specific actions invoked via the execute_pica_action tool (e.g., reading emails or Slack messages).
      • Boundary markers: The skill defines no boundary markers around ingested content and gives the agent no instruction to disregard commands embedded in that content.
      • Capability inventory: The skill exposes high-privilege capabilities, including write and execute API actions on connected platforms.
      • Sanitization: There is no evidence of sanitization or content filtering applied to data retrieved from external platforms.
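The persistence finding above is something a reviewer can verify on a workstation by enumerating every MCP server registered in the three client configuration files the audit names. The script below is an added example for this page, not code from Pica or from the Trust Hub. It assumes only the common `{"mcpServers": {name: {"command", "args", "env"}}}` layout and searches for that key recursively, so per-project blocks nested inside ~/.claude.json are also found. The sample configs, the server name `pica`, the package `@picahq/mcp` and the environment variable name are constructed for the demonstration and are not taken from the Pica CLI.

```python
"""Enumerate MCP server registrations in AI-agent client config files.

Added example for this audit page (not Pica's or the Trust Hub's code).
Paths are the three files the audit names (macOS path for Claude Desktop).
The JSON layout assumed is {"mcpServers": {name: {command, args, env}}},
searched recursively so nested per-project blocks are found too.
"""
import json
from pathlib import Path
from typing import Any, Iterator

AGENT_CONFIG_PATHS = [
    Path.home() / ".claude.json",
    Path.home() / ".cursor" / "mcp.json",
    Path.home() / "Library" / "Application Support" / "Claude" / "claude_desktop_config.json",
]


def iter_mcp_servers(node: Any, scope: str = "") -> Iterator[tuple[str, str, Any]]:
    """Yield (scope, server_name, spec) for every entry under any 'mcpServers' key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "mcpServers" and isinstance(value, dict):
                for name, spec in value.items():
                    yield scope or "<root>", name, spec
            else:
                yield from iter_mcp_servers(value, f"{scope} > {key}" if scope else key)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from iter_mcp_servers(item, f"{scope}[{i}]")


def audit_config_text(label: str, text: str, needle: str = "pica") -> list[dict]:
    """Return one finding per registered MCP server; flag entries whose name or
    command line mentions `needle`. Invalid JSON yields a single error finding."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        return [{"file": label, "error": f"invalid JSON: {exc}"}]
    findings = []
    for scope, name, spec in iter_mcp_servers(data):
        spec = spec if isinstance(spec, dict) else {}
        command = str(spec.get("command", ""))
        raw_args = spec.get("args")
        args = [str(a) for a in raw_args] if isinstance(raw_args, list) else []
        env = spec.get("env")
        findings.append({
            "file": label,
            "scope": scope,
            "server": name,
            "command": " ".join([command, *args]).strip(),
            # Only key names are reported; values may be secrets.
            "env_keys": sorted(env.keys()) if isinstance(env, dict) else [],
            "flagged": needle in " ".join([name, command, *args]).lower(),
        })
    return findings


def audit_files(paths=AGENT_CONFIG_PATHS, needle: str = "pica") -> list[dict]:
    """Audit whichever of the real config files exist on this machine."""
    results = []
    for p in paths:
        if p.is_file():
            results.extend(audit_config_text(str(p), p.read_text(encoding="utf-8"), needle))
    return results


# Constructed samples of what the files might contain after `pica init`.
# Server names, packages and env var names here are hypothetical.
SAMPLE_CLAUDE_DESKTOP = json.dumps({
    "mcpServers": {
        "filesystem": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]},
        "pica": {"command": "npx", "args": ["-y", "@picahq/mcp"], "env": {"PICA_SECRET_KEY": "<redacted>"}},
    }
})
SAMPLE_CLAUDE_CODE = json.dumps({
    "mcpServers": {},
    "projects": {"/Users/me/work": {"mcpServers": {"pica": {"command": "pica", "args": ["mcp"]}}}},
})

if __name__ == "__main__":
    for finding in audit_files():
        print(finding)
```

Run it after `pica init` and again after uninstalling: any `flagged` entry that survives removal is the persistence the audit describes, and the `env_keys` column shows which other servers' credentials the init step had write access to.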
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:12 AM