pica-crewai
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the @picahq/mcp server package using npx. This is a standard vendor-provided resource for the MCP integration.
- [COMMAND_EXECUTION]: Runs the MCP server as a local subprocess using npx via the MCPServerStdio class. This is required for communication between the CrewAI agent and the PICA tools.
- [PROMPT_INJECTION]: The skill defines an execution flow where user-provided prompts are passed directly to an agent with tool-calling capabilities.
  - Ingestion points: The description field of the Task object in SKILL.md accepts arbitrary user strings.
  - Boundary markers: The provided code does not implement delimiters or specific instructions to ignore embedded commands in the user prompt.
  - Capability inventory: The agent is configured with access to PICA tools, which can interact with external services like CRMs and databases.
  - Sanitization: No input validation or sanitization is performed on the user prompt before it is processed by the LLM.
Audit Metadata